projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: sessiond: TOCTOU error on save of session configuration
[lttng-tools.git]
/
src
/
bin
/
lttng-sessiond
/
save.c
diff --git
a/src/bin/lttng-sessiond/save.c
b/src/bin/lttng-sessiond/save.c
index 489446d6311dc4d8048f5f525cf91fcab1e7eaa9..2447f820976822a25a36e7f07edd7a0c385353af 100644
(file)
--- a/
src/bin/lttng-sessiond/save.c
+++ b/
src/bin/lttng-sessiond/save.c
@@
-174,13
+174,13
@@
const char *get_kernel_instrumentation_string(
instrumentation_string = config_event_type_tracepoint;
break;
case LTTNG_KERNEL_KPROBE:
instrumentation_string = config_event_type_tracepoint;
break;
case LTTNG_KERNEL_KPROBE:
- instrumentation_string = config_event_type_
k
probe;
+ instrumentation_string = config_event_type_probe;
break;
case LTTNG_KERNEL_FUNCTION:
break;
case LTTNG_KERNEL_FUNCTION:
- instrumentation_string = config_event_type_function;
+ instrumentation_string = config_event_type_function
_entry
;
break;
case LTTNG_KERNEL_KRETPROBE:
break;
case LTTNG_KERNEL_KRETPROBE:
- instrumentation_string = config_event_type_
kretprobe
;
+ instrumentation_string = config_event_type_
function
;
break;
case LTTNG_KERNEL_NOOP:
instrumentation_string = config_event_type_noop;
break;
case LTTNG_KERNEL_NOOP:
instrumentation_string = config_event_type_noop;
@@
-708,7
+708,11
@@
int init_ust_event_from_agent_event(struct ltt_ust_event *ust_event,
ust_event->enabled = agent_event->enabled;
ust_event->attr.instrumentation = LTTNG_UST_TRACEPOINT;
ust_event->enabled = agent_event->enabled;
ust_event->attr.instrumentation = LTTNG_UST_TRACEPOINT;
- strncpy(ust_event->attr.name, agent_event->name, LTTNG_SYMBOL_NAME_LEN);
+ if (lttng_strncpy(ust_event->attr.name, agent_event->name,
+ LTTNG_SYMBOL_NAME_LEN)) {
+ ret = -1;
+ goto end;
+ }
switch (agent_event->loglevel_type) {
case LTTNG_EVENT_LOGLEVEL_ALL:
ust_loglevel_type = LTTNG_UST_LOGLEVEL_ALL;
switch (agent_event->loglevel_type) {
case LTTNG_EVENT_LOGLEVEL_ALL:
ust_loglevel_type = LTTNG_UST_LOGLEVEL_ALL;
@@
-1845,13
+1849,13
@@
static
int save_session(struct ltt_session *session,
struct lttng_save_session_attr *attr, lttng_sock_cred *creds)
{
int save_session(struct ltt_session *session,
struct lttng_save_session_attr *attr, lttng_sock_cred *creds)
{
- int ret, fd;
- unsigned int file_opened = 0; /* Indicate if the file has been opened */
- char config_file_path[PATH_MAX];
+ int ret, fd = -1;
+ char config_file_path[LTTNG_PATH_MAX];
size_t len;
struct config_writer *writer = NULL;
size_t session_name_len;
const char *provided_path;
size_t len;
struct config_writer *writer = NULL;
size_t session_name_len;
const char *provided_path;
+ int file_open_flags = O_CREAT | O_WRONLY | O_TRUNC;
assert(session);
assert(attr);
assert(session);
assert(attr);
@@
-1875,7
+1879,7
@@
int save_session(struct ltt_session *session,
ret = LTTNG_ERR_SET_URL;
goto end;
}
ret = LTTNG_ERR_SET_URL;
goto end;
}
- strncpy(config_file_path, provided_path,
len
);
+ strncpy(config_file_path, provided_path,
sizeof(config_file_path)
);
} else {
ssize_t ret_len;
char *home_dir = utils_get_user_home_dir(
} else {
ssize_t ret_len;
char *home_dir = utils_get_user_home_dir(
@@
-1919,27
+1923,34
@@
int save_session(struct ltt_session *session,
* was done just above.
*/
config_file_path[len++] = '/';
* was done just above.
*/
config_file_path[len++] = '/';
- strncpy(config_file_path + len, session->name, s
ession_name_
len);
+ strncpy(config_file_path + len, session->name, s
izeof(config_file_path) -
len);
len += session_name_len;
strcpy(config_file_path + len, DEFAULT_SESSION_CONFIG_FILE_EXTENSION);
len += sizeof(DEFAULT_SESSION_CONFIG_FILE_EXTENSION);
config_file_path[len] = '\0';
len += session_name_len;
strcpy(config_file_path + len, DEFAULT_SESSION_CONFIG_FILE_EXTENSION);
len += sizeof(DEFAULT_SESSION_CONFIG_FILE_EXTENSION);
config_file_path[len] = '\0';
- if (!access(config_file_path, F_OK) && !attr->overwrite) {
- /* File exists, notify the user since the overwrite flag is off. */
- ret = LTTNG_ERR_SAVE_FILE_EXIST;
- goto end;
+ if (!attr->overwrite) {
+ file_open_flags |= O_EXCL;
}
}
- fd = run_as_open(config_file_path,
O_CREAT | O_WRONLY | O_TRUNC
,
+ fd = run_as_open(config_file_path,
file_open_flags
,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP,
LTTNG_SOCK_GET_UID_CRED(creds), LTTNG_SOCK_GET_GID_CRED(creds));
if (fd < 0) {
PERROR("Could not create configuration file");
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP,
LTTNG_SOCK_GET_UID_CRED(creds), LTTNG_SOCK_GET_GID_CRED(creds));
if (fd < 0) {
PERROR("Could not create configuration file");
- ret = LTTNG_ERR_SAVE_IO_FAIL;
+ switch (errno) {
+ case EEXIST:
+ ret = LTTNG_ERR_SAVE_FILE_EXIST;
+ break;
+ case EACCES:
+ ret = LTTNG_ERR_EPERM;
+ break;
+ default:
+ ret = LTTNG_ERR_SAVE_IO_FAIL;
+ break;
+ }
goto end;
}
goto end;
}
- file_opened = 1;
writer = config_writer_create(fd, 1);
if (!writer) {
writer = config_writer_create(fd, 1);
if (!writer) {
@@
-2044,11
+2055,18
@@
end:
}
if (ret) {
/* Delete file in case of error */
}
if (ret) {
/* Delete file in case of error */
- if (
file_opened
&& unlink(config_file_path)) {
+ if (
(fd >= 0)
&& unlink(config_file_path)) {
PERROR("Unlinking XML session configuration.");
}
}
PERROR("Unlinking XML session configuration.");
}
}
+ if (fd >= 0) {
+ ret = close(fd);
+ if (ret) {
+ PERROR("Closing XML session configuration");
+ }
+ }
+
return ret;
}
return ret;
}
This page took
0.025381 seconds
and
4
git commands to generate.