daemon: parse apid/ctid in dlt_daemon_control_get_log_info_v2

SoundMatt · SoundMatt · commit 808c02b7ced7 · 2026-05-05T07:57:33.000-07:00
Companion fix to the OOB-read fix in this same commit series. The function never assigned req->apid or req->ctid: req is calloc'd, so the char * pointer fields start NULL, and the dlt_set_id_v2(req->apid, ...) call to populate them was a no-op (dlt_set_id_v2 early-returns when its destination is NULL). req->apid / req->ctid stayed NULL and were then passed to dlt_daemon_application_find_v2 and dlt_daemon_context_find_v2 despite req->apidlen / req->ctidlen being non-zero — every non-empty lookup was silently turned into a zero-length one. Replace the no-op dlt_set_id_v2 calls with conditional pointer assignments into msg->databuffer, mirroring the surgical approach taken for set_log_level_v2 in PR COVESA#864 and unregister_context_v2 in PR COVESA#868. The bounds checks added in the previous commit ensure the pointer-into-databuffer assignments are safe. Closes COVESA#870. Related: COVESA#866.
diff --git a/src/daemon/dlt_daemon_client.c b/src/daemon/dlt_daemon_client.c
@@ -2163,8 +2163,17 @@ void dlt_daemon_control_get_log_info_v2(int sock,
         return;
     }
 
-    dlt_set_id_v2(req->apid, (const char *)(msg->databuffer + db_offset), req->apidlen);
-    db_offset = db_offset + (int)req->apidlen;
+    /* Point req->apid into msg->databuffer when apidlen > 0; leave NULL
+     * otherwise. The previous dlt_set_id_v2(req->apid, ...) call here was
+     * a no-op because req->apid is a calloc'd char * pointer (NULL).
+     * Without this, req->apid stays NULL and is later passed to
+     * dlt_daemon_application_find_v2() despite req->apidlen being non-zero,
+     * silently turning every non-empty apid lookup into a zero-length one.
+     * See #870 for full analysis. */
+    if (req->apidlen > 0) {
+        req->apid = (char *)(msg->databuffer + db_offset);
+        db_offset = db_offset + (int)req->apidlen;
+    }
     memcpy(&(req->ctidlen), (const char *)(msg->databuffer + db_offset), sizeof(uint8_t));
     db_offset = db_offset + (int)sizeof(uint8_t);
 
@@ -2175,8 +2184,10 @@ void dlt_daemon_control_get_log_info_v2(int sock,
         return;
     }
 
-    dlt_set_id_v2(req->ctid, (const char *)(msg->databuffer + db_offset), req->ctidlen);
-    db_offset = db_offset + (int)req->ctidlen;
+    if (req->ctidlen > 0) {
+        req->ctid = (char *)(msg->databuffer + db_offset);
+        db_offset = db_offset + (int)req->ctidlen;
+    }
     memcpy((req->com), (const char *)(msg->databuffer + db_offset), DLT_ID_SIZE);
 
     /* initialise new message */
