mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
sd-journal: check .next_entry_array_offset earlier
Then, if it is invalid, refuse to use the entry array object.
Follow-up for a8fbcc0e3c
.
Fixes #27489.
This commit is contained in:
parent
845824acdd
commit
b5335da7a5
@ -924,7 +924,7 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) {
|
||||
}
|
||||
|
||||
case OBJECT_ENTRY_ARRAY: {
|
||||
uint64_t sz;
|
||||
uint64_t sz, next;
|
||||
|
||||
sz = le64toh(READ_NOW(o->object.size));
|
||||
if (sz < offsetof(Object, entry_array.items) ||
|
||||
@ -934,11 +934,12 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) {
|
||||
"Invalid object entry array size: %" PRIu64 ": %" PRIu64,
|
||||
sz,
|
||||
offset);
|
||||
|
||||
if (!VALID64(le64toh(o->entry_array.next_entry_array_offset)))
|
||||
/* Here, we request that the offset of each entry array object is in strictly increasing order. */
|
||||
next = le64toh(o->entry_array.next_entry_array_offset);
|
||||
if (!VALID64(next) || (next > 0 && next <= offset))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
|
||||
"Invalid object entry array next_entry_array_offset: " OFSfmt ": %" PRIu64,
|
||||
le64toh(o->entry_array.next_entry_array_offset),
|
||||
"Invalid object entry array next_entry_array_offset: %" PRIu64 ": %" PRIu64,
|
||||
next,
|
||||
offset);
|
||||
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user