relayd: clean-up: mix-up between LTTNG_PATH_MAX and LTTNG_NAME_MAX

LTTNG_PATH_MAX and LTTNG_NAME_MAX are mixed up in
cmd_create_session_2_4(). While Coverity warns of a possible buffer
overrun, this is not possible since the length of the received
buffer is correctly checked against LTTNG_NAME_MAX.

Change the use of LTTNG_PATH_MAX for LTTNG_NAME_MAX even though
strcpy() could be used safely here.

1405634 Out-of-bounds access
Access of memory not owned by this buffer may cause crashes or incorrect computations.
In relay_create_session: Out-of-bounds access to a buffer (CWE-119)

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng-relayd/cmd-2-4.c b/src/bin/lttng-relayd/cmd-2-4.c
index ac6e0425877970f3da91b05911fa8dc0c644609b..e20a838da932051572ebd2db984bf3b9eddaa408 100644 (file)
--- a/src/bin/lttng-relayd/cmd-2-4.c
+++ b/src/bin/lttng-relayd/cmd-2-4.c
@@ -53,7 +53,7 @@ int cmd_create_session_2_4(const struct lttng_buffer_view *payload,
                ERR("Session name too long");
                goto error;
        }
                ERR("Session name too long");
                goto error;
        }

-       strncpy(session_name, session_info.session_name, LTTNG_PATH_MAX);
+       strncpy(session_name, session_info.session_name, LTTNG_NAME_MAX);

 
        len = lttng_strnlen(session_info.hostname, sizeof(session_info.hostname));
        if (len == sizeof(session_info.hostname) || len >= LTTNG_HOST_NAME_MAX) {
 
        len = lttng_strnlen(session_info.hostname, sizeof(session_info.hostname));
        if (len == sizeof(session_info.hostname) || len >= LTTNG_HOST_NAME_MAX) {