chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 57cd09a)
sd-journal: verify that object start with the field name
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 27 Aug 2014 03:54:31 +0000 (23:54 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 28 Aug 2014 01:05:28 +0000 (21:05 -0400)
If the journal is corrupted, we might return an object that does
not start with the expected field name and/or is shorter than it
should.

src/journal/journal-file.c patch | blob | history
src/journal/sd-journal.c patch | blob | history

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 986e94de392ac12011c27e16352e79638a79a2b1..7286e14ddba32a07421a15a7b2c451b74b379c53 100644 (file)
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -425,7 +425,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
         if (!VALID64(offset))
                 return -EFAULT;
 
-
         r = journal_file_move_to(f, type_to_context(type), false, offset, sizeof(ObjectHeader), &t);
         if (r < 0)
                 return r;
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 80ff8fef573fb4f7d03ace09fcb61eff0e9e70bc..693707cb347a817da8f2a416e29ba5dfe6d30aa2 100644 (file)
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
                 if (r < 0)
                         return r;
 
+                /* Check if we have at least the field name and "=". */
+                if (ol <= k) {
+                        log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
+                                  j->unique_file->path, j->unique_offset,
+                                  ol, k + 1);
+                        return -EBADMSG;
+                }
+
+                if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
+                        log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
+                                  j->unique_file->path, j->unique_offset,
+                                  j->unique_field);
+                        return -EBADMSG;
+                }
+
                 /* OK, now let's see if we already returned this data
                  * object by checking if it exists in the earlier
                  * traversed files. */
Unnamed repository; edit this file 'description' to name the repository.