sd-journal: also verify tail_entry_boot_id and friends in journal_file_verify_header()

Then, we can drop the redundant check in journal_file_read_tail_timestamp().
2024-12-31 21:18:09 +03:00 · 2023-09-23 03:14:40 +09:00 · 2023-09-23 03:14:40 +09:00 · 6ea51363c8
commit 6ea51363c8
parent 1fa2ebbec4
2 changed files with 28 additions and 10 deletions
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@ -623,10 +623,36 @@ static int journal_file_verify_header(JournalFile *f) {
                        return -ENODATA;
        }

-        if (JOURNAL_HEADER_CONTAINS(f->header, tail_entry_offset))
-                if (!offset_is_valid(le64toh(f->header->tail_entry_offset), header_size, tail_object_offset))
+        if (JOURNAL_HEADER_CONTAINS(f->header, tail_entry_offset)) {
+                uint64_t offset = le64toh(f->header->tail_entry_offset);
+
+                if (!offset_is_valid(offset, header_size, tail_object_offset))
                        return -ENODATA;

+                if (offset > 0) {
+                        /* When there is an entry object, then these fields must be filled. */
+                        if (sd_id128_is_null(f->header->tail_entry_boot_id))
+                                return -ENODATA;
+                        if (!VALID_REALTIME(le64toh(f->header->head_entry_realtime)))
+                                return -ENODATA;
+                        if (!VALID_REALTIME(le64toh(f->header->tail_entry_realtime)))
+                                return -ENODATA;
+                        if (!VALID_MONOTONIC(le64toh(f->header->tail_entry_realtime)))
+                                return -ENODATA;
+                } else {
+                        /* Otherwise, the fields must be zero. */
+                        if (JOURNAL_HEADER_TAIL_ENTRY_BOOT_ID(f->header) &&
+                            !sd_id128_is_null(f->header->tail_entry_boot_id))
+                                return -ENODATA;
+                        if (f->header->head_entry_realtime != 0)
+                                return -ENODATA;
+                        if (f->header->tail_entry_realtime != 0)
+                                return -ENODATA;
+                        if (f->header->tail_entry_realtime != 0)
+                                return -ENODATA;
+                }
+        }
+
        /* Verify number of objects */
        uint64_t n_objects = le64toh(f->header->n_objects);
        if (n_objects > arena_size / sizeof(ObjectHeader))
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@ -2445,14 +2445,6 @@ static int journal_file_read_tail_timestamp(sd_journal *j, JournalFile *f) {
                        mo = le64toh(f->header->tail_entry_monotonic);
                        rt = le64toh(f->header->tail_entry_realtime);
                        id = f->header->tail_entry_boot_id;
-
-                        /* Some superficial checking if what we read makes sense. Note that we only do this
-                         * when reading the timestamps from the Header object, but not when reading them from
-                         * the most recent entry object, because in that case journal_file_move_to_object()
-                         * already validated them. */
-                        if (!VALID_MONOTONIC(mo) || !VALID_REALTIME(rt))
-                                return -ENODATA;
-
                } else {
                        /* Otherwise let's find the last entry manually (this possibly means traversing the
                         * chain of entry arrays, till the end */