Merged in master, stable-2.11, stable-2.10, and stable-2.9.
Thanks!
Jérémie
On Tue, Mar 26, 2019 at 03:53:06PM -0400, Yannick Lamarre wrote:
> The lttng client uses the sizeof the containing buffer, defined as
> LTTNG_SYMBOL_NAME_LEN, for input string sanitation instead of libc defined
> macro NAME_MAX. lttng-enable_channel improperly verified user input
> and wrongly discarded valid input in case NAME_MAX was less than the
> sizeof the containing buffer for the channel's name.
> This patch also fixes potential buffer overflow caused by an improperly
> bounded strcpy in the case where NAME_MAX would have been greater than
> LTTNG_SYMBOL_NAME_LEN.
>
> Signed-off-by: Yannick Lamarre <ylama...@efficios.com>
> ---
> src/bin/lttng/commands/enable_channels.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng/commands/enable_channels.c
> b/src/bin/lttng/commands/enable_channels.c
> index b4e2942c..5e314d9b 100644
> --- a/src/bin/lttng/commands/enable_channels.c
> +++ b/src/bin/lttng/commands/enable_channels.c
> @@ -244,7 +244,7 @@ static int enable_channel(char *session_name)
> void *extended_ptr;
>
> /* Validate channel name's length */
> - if (strlen(channel_name) >= NAME_MAX) {
> + if (strlen(channel_name) > sizeof(chan_opts.name) - 1) {
> ERR("Channel name is too long (max. %zu characters)",
> sizeof(chan_opts.name) - 1);
> error = 1;
> --
> 2.11.0
>
_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
