sd-journal: check .next_entry_array_offset earlier
Then, if it is invalid, refuse to use the entry array object.
Follow-up for a8fbcc0e3c.
Fixes #27489.
parent
845824acdd
commit
b5335da7a5
@ -924,7 +924,7 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
case OBJECT_ENTRY_ARRAY: {
|
case OBJECT_ENTRY_ARRAY: {
|
||||||
uint64_t sz;
|
uint64_t sz, next;
|
||||||
|
|
||||||
sz = le64toh(READ_NOW(o->object.size));
|
sz = le64toh(READ_NOW(o->object.size));
|
||||||
if (sz < offsetof(Object, entry_array.items) ||
|
if (sz < offsetof(Object, entry_array.items) ||
|
||||||
@ -934,11 +934,12 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) {
|
|||||||
"Invalid object entry array size: %" PRIu64 ": %" PRIu64,
|
"Invalid object entry array size: %" PRIu64 ": %" PRIu64,
|
||||||
sz,
|
sz,
|
||||||
offset);
|
offset);
|
||||||
|
/* Here, we request that the offset of each entry array object is in strictly increasing order. */
|
||||||
if (!VALID64(le64toh(o->entry_array.next_entry_array_offset)))
|
next = le64toh(o->entry_array.next_entry_array_offset);
|
||||||
|
if (!VALID64(next) || (next > 0 && next <= offset))
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
|
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
|
||||||
"Invalid object entry array next_entry_array_offset: " OFSfmt ": %" PRIu64,
|
"Invalid object entry array next_entry_array_offset: %" PRIu64 ": %" PRIu64,
|
||||||
le64toh(o->entry_array.next_entry_array_offset),
|
next,
|
||||||
offset);
|
offset);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
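Review bot: The new read `next = le64toh(o->entry_array.next_entry_array_offset);` does not go through `READ_NOW()`, unlike the `sz` read of `o->object.size` earlier in the same case, so the value tested by `!VALID64(next) || (next > 0 && next <= offset)` and the value printed in the debug message are not guaranteed to come from a single fetch if the object lives in a mapping that can still be written to (presumably the reason `READ_NOW()` is used for `sz`). I would write `next = le64toh(READ_NOW(o->entry_array.next_entry_array_offset));`. The added comment could also state why the order matters and that zero is exempt from the test, e.g. `/* 0 is exempt; any other next offset must lie strictly after this object, so the chain of entry arrays cannot loop back. */`. check_object() begins and ends outside these hunks, so whether later code re-reads the field after this check is not visible here.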