journald: filter fields send from client starting with underscore
[elogind.git] / src / journal / journald.c
index 453495a96456de0b9c106cfefaa5b2c2e821a904..630ead0053dd3434822c55027a16cf8a8109a88f 100644 (file)
@@ -38,6 +38,8 @@
 #include "acl-util.h"
 #include "cgroup-util.h"
 
+#define USER_JOURNALS_MAX 1024
+
 typedef struct Server {
         int epoll_fd;
         int signal_fd;
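Review bot: `USER_JOURNALS_MAX` is 1024, which matches the common default soft limit on open file descriptors, so the eviction loop added in `find_journal` (next hunk) may not trigger before `journal_file_open` starts failing, unless the daemon raises its limit somewhere not shown here. Each open user journal presumably holds at least one descriptor, on top of `epoll_fd`, `signal_fd` and the system journal that the server already keeps. Consider a lower cap, or document the dependency above the define, e.g. `/* Max. open per-user journal files; must stay well below RLIMIT_NOFILE */`. The loop evicts with `hashmap_steal_first`, which is probably not least-recently-used order, so with traffic spread over many UIDs a busy journal may be closed and reopened repeatedly.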
@@ -127,6 +129,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
         if (asprintf(&p, "/var/log/journal/%s/user-%lu.journal", sd_id128_to_string(machine, ids), (unsigned long) uid) < 0)
                 return s->system_journal;
 
+        while (hashmap_size(s->user_journals) >= USER_JOURNALS_MAX) {
+                /* Too many open? Then let's close one */
+                f = hashmap_steal_first(s->user_journals);
+                assert(f);
+                journal_file_close(f);
+        }
+
         r = journal_file_open(p, O_RDWR|O_CREAT, 0640, s->system_journal, &f);
         free(p);
 
@@ -367,9 +376,15 @@ static void process_native_message(Server *s, const void *buffer, size_t buffer_
 
                 q = memchr(p, '=', e - p);
                 if (q) {
-                        iovec[n].iov_base = (char*) p;
-                        iovec[n].iov_len = e - p;
-                        n++;
+                        if (p[0] != '_') {
+                                /* If the field name starts with an
+                                 * underscore, skip the variable,
+                                 * since that indidates a trusted
+                                 * field */
+                                iovec[n].iov_base = (char*) p;
+                                iovec[n].iov_len = e - p;
+                                n++;
+                        }
 
                         remaining -= (e - p) + 1;
                         p = e + 1;
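Review bot: The comment inside `if (p[0] != '_')` describes the skipped case ("starts with an underscore, skip the variable") but sits in the branch that keeps the field, and "indidates" is a typo. Move it above the condition and state the rule directly, e.g. `/* Fields starting with an underscore are trusted fields added by journald itself; drop any such field supplied by the client */`. The field is dropped silently; a debug-level log line would help when diagnosing a client that tries to set trusted fields. The body of `process_native_message` continues outside this hunk.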
@@ -402,9 +417,12 @@ static void process_native_message(Server *s, const void *buffer, size_t buffer_
                         k[e - p] = '=';
                         memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
 
-                        iovec[n].iov_base = k;
-                        iovec[n].iov_len = (e - p) + 1 + l;
-                        n++;
+                        if (k[0] != '_') {
+                                iovec[n].iov_base = k;
+                                iovec[n].iov_len = (e - p) + 1 + l;
+                                n++;
+                        } else
+                                free(k);
 
                         remaining -= (e - p) + 1 + sizeof(uint64_t) + l + 1;
                         p = e + 1 + sizeof(uint64_t) + l + 1;
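Review bot: The underscore check on `k[0]` runs only after `k` has been filled by the `memcpy` of `l` bytes, so a client-supplied binary field that will be discarded still costs an allocation and a copy of client-chosen size. Since `k` starts with the field name copied from `p`, the same decision could be made on `p[0]` before `k` is allocated (the allocation is above this hunk, so this is inferred from the `free(k)` here), while still advancing `remaining` and `p` as the last two lines do. The unbraced `else` next to a braced `if` is also easy to misread; prefer `} else {` with `free(k);` on its own line. This branch has no comment explaining the filter, unlike the text-field branch; the same one-line explanation belongs here.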