shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-09-01 14:17:37 +03:00
Code Activity

sd-journal: verify that object start with the field name

Browse Source 
If the journal is corrupted, we might return an object that does
not start with the expected field name and/or is shorter than it
should.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
2014-08-26 23:54:31 -04:00
parent 57cd09acf2
commit 0f99f74a14
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/journal/journal-file.c
View File

@ -425,7 +425,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
if (!VALID64(offset)) if (!VALID64(offset))
return -EFAULT; return -EFAULT;
r = journal_file_move_to(f, type_to_context(type), false, offset, sizeof(ObjectHeader), &t); r = journal_file_move_to(f, type_to_context(type), false, offset, sizeof(ObjectHeader), &t);
if (r < 0) if (r < 0)
return r; return r;

15
src/journal/sd-journal.c
View File

@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
if (r < 0) if (r < 0)
return r; return r;
/* Check if we have at least the field name and "=". */
if (ol <= k) {
log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
j->unique_file->path, j->unique_offset,
ol, k + 1);
return -EBADMSG;
}
if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
j->unique_file->path, j->unique_offset,
j->unique_field);
return -EBADMSG;
}
/* OK, now let's see if we already returned this data /* OK, now let's see if we already returned this data
* object by checking if it exists in the earlier * object by checking if it exists in the earlier
* traversed files. */ * traversed files. */