From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 01:42:51 +0000 (-0400)
Subject: Fix: illegal memory access in list_lttng_channels
X-Git-Tag: v2.6.3~47
X-Git-Url: https://git.liburcu.org/?p=lttng-tools.git;a=commitdiff_plain;h=084fe1eb76ce508f32da47dbc310f702fc19ef57

Fix: illegal memory access in list_lttng_channels

Found by Coverity:
CID 1243018 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)11. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array (channels +
i).name of size 256 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
index e8a8d2fc7..5e6a0d087 100644
--- a/src/bin/lttng-sessiond/cmd.c
+++ b/src/bin/lttng-sessiond/cmd.c
@@ -174,7 +174,10 @@ static void list_lttng_channels(int domain, struct ltt_session *session,
 		rcu_read_lock();
 		cds_lfht_for_each_entry(session->ust_session->domain_global.channels->ht,
 				&iter.iter, uchan, node.node) {
-			strncpy(channels[i].name, uchan->name, LTTNG_SYMBOL_NAME_LEN);
+			if (lttng_strncpy(channels[i].name, uchan->name,
+					LTTNG_SYMBOL_NAME_LEN)) {
+				break;
+			}
 			channels[i].attr.overwrite = uchan->attr.overwrite;
 			channels[i].attr.subbuf_size = uchan->attr.subbuf_size;
 			channels[i].attr.num_subbuf = uchan->attr.num_subbuf;