From fe31b0f8f12c36c0e92eb45b791ea6a2ee79f592 Mon Sep 17 00:00:00 2001 From: Yannick Lamarre Date: Tue, 26 Mar 2019 15:53:06 -0400 Subject: [PATCH] Fix: Properly sanitize input parameter MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The lttng client uses the sizeof the containing buffer, defined as LTTNG_SYMBOL_NAME_LEN, for input string sanitation instead of libc defined macro NAME_MAX. lttng-enable_channel improperly verified user input and wrongly discarded valid input in case NAME_MAX was less than the sizeof the containing buffer for the channel's name. This patch also fixes potential buffer overflow caused by an improperly bounded strcpy in the case where NAME_MAX would have been greater than LTTNG_SYMBOL_NAME_LEN. Signed-off-by: Yannick Lamarre Signed-off-by: Jérémie Galarneau --- src/bin/lttng/commands/enable_channels.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/lttng/commands/enable_channels.c b/src/bin/lttng/commands/enable_channels.c index 66caa79a2..ac8f8e63b 100644 --- a/src/bin/lttng/commands/enable_channels.c +++ b/src/bin/lttng/commands/enable_channels.c @@ -212,7 +212,7 @@ static int enable_channel(char *session_name) channel_name = strtok(opt_channels, ","); while (channel_name != NULL) { /* Validate channel name's length */ - if (strlen(channel_name) >= NAME_MAX) { + if (strlen(channel_name) >= sizeof(chan.name)) { ERR("Channel name is too long (max. %zu characters)", sizeof(chan.name) - 1); error = 1; -- 2.34.1
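Review bot: The new bound on the `strlen(channel_name) >= sizeof(chan.name)` line matches the destination buffer, but the `strcpy` that the commit message names as the overflow site is outside this hunk and is not touched by the patch (1 insertion, 1 deletion), so safety still depends on this check running before every copy into `chan.name`. Consider making the copy itself length-checked, or at least adding a comment at the check stating that the copy that follows relies on it. The `>=` comparison correctly reserves one byte for the terminating NUL and now agrees with the `sizeof(chan.name) - 1` limit printed by `ERR`. Separately, the first sentence of the commit message reads as if the client already used the buffer size "instead of" `NAME_MAX`, which is the opposite of what the removed line did; rewording it to say the check used `NAME_MAX` where it should have used the size of `chan.name` would match the diff.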