From da4f23eeb6dd852ec59bcc679312669876616281 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Mon, 23 Sep 2019 14:46:42 -0400 Subject: [PATCH] relayd: clean-up: mix-up between LTTNG_PATH_MAX and LTTNG_NAME_MAX MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit LTTNG_PATH_MAX and LTTNG_NAME_MAX are mixed up in cmd_create_session_2_4(). While Coverity warns of a possible buffer overrun, this is not possible since the length of the received buffer is correctly checked against LTTNG_NAME_MAX. Change the use of LTTNG_PATH_MAX for LTTNG_NAME_MAX even though strcpy() could be used safely here. 1405634 Out-of-bounds access Access of memory not owned by this buffer may cause crashes or incorrect computations. In relay_create_session: Out-of-bounds access to a buffer (CWE-119) Reported-by: Coverity Scan Signed-off-by: Jérémie Galarneau --- src/bin/lttng-relayd/cmd-2-4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/lttng-relayd/cmd-2-4.c b/src/bin/lttng-relayd/cmd-2-4.c index ac6e04258..e20a838da 100644 --- a/src/bin/lttng-relayd/cmd-2-4.c +++ b/src/bin/lttng-relayd/cmd-2-4.c @@ -53,7 +53,7 @@ int cmd_create_session_2_4(const struct lttng_buffer_view *payload, ERR("Session name too long"); goto error; } - strncpy(session_name, session_info.session_name, LTTNG_PATH_MAX); + strncpy(session_name, session_info.session_name, LTTNG_NAME_MAX); len = lttng_strnlen(session_info.hostname, sizeof(session_info.hostname)); if (len == sizeof(session_info.hostname) || len >= LTTNG_HOST_NAME_MAX) { -- 2.34.1