From 43eacc5292f04dc434140eca7fee78f2257666c3 Mon Sep 17 00:00:00 2001 From: Francis Deslauriers Date: Tue, 30 Apr 2019 13:51:03 -0400 Subject: [PATCH] Fix: src.ctf.fs: metadata-info: sanitize `path` param Issue ===== Omitting to pass the mandatory `path` parameter to the `metadata-info` query results in a BT_ASSERT() failure when calling bt_value_get_string(), or a NULL pointer dereference in non-DEV_MODE. Similarly, setting the `path` to a non-string value would also result in a BT_ASSERT() failure, or a invalid memory access in non-DEV_MODE Solution ======== Confirm that the `path` parameter is present and is of the string type and print error messages accordingly it's not. Known drawbacks =============== None. Signed-off-by: Francis Deslauriers Change-Id: I8182de2797c375262d77a4a8961bedb4c5ef9578 Reviewed-on: https://review.lttng.org/c/babeltrace/+/1081 Reviewed-by: Philippe Proulx --- plugins/ctf/fs-src/query.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/plugins/ctf/fs-src/query.c b/plugins/ctf/fs-src/query.c index 0235cf6b..c185307c 100644 --- a/plugins/ctf/fs-src/query.c +++ b/plugins/ctf/fs-src/query.c @@ -77,6 +77,18 @@ bt_query_status metadata_info_query( } path_value = bt_value_map_borrow_entry_value_const(params, "path"); + if (!path_value) { + BT_LOGE_STR("Mandatory `path` parameter missing"); + status = BT_QUERY_STATUS_INVALID_PARAMS; + goto error; + } + + if (!bt_value_is_string(path_value)) { + BT_LOGE_STR("`path` parameter is required to be a string value"); + status = BT_QUERY_STATUS_INVALID_PARAMS; + goto error; + } + path = bt_value_string_get(path_value); BT_ASSERT(path); -- 2.34.1