journal: never mmap beyond file size

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 80775e1acf940f46a1f7a44125c950c4ae21c076..6c7718de3126018483b3efbc5f2c797549c691cc 100644 (file)
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -241,6 +241,10 @@ static int journal_file_map(
         wsize = size + (offset - woffset);
         wsize = PAGE_ALIGN(wsize);
 
+        /* Avoid SIGBUS on invalid accesses */
+        if (woffset + wsize > (uint64_t) PAGE_ALIGN(f->last_stat.st_size))
+                return -EADDRNOTAVAIL;
+
         window = mmap(NULL, wsize, f->prot, MAP_SHARED, f->fd, woffset);
         if (window == MAP_FAILED)
                 return -errno;
@@ -305,6 +309,15 @@ static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_
         } else
                 delta = 0;
 
+        if (offset > (uint64_t) f->last_stat.st_size)
+                return -EADDRNOTAVAIL;
+
+        if (offset + size > (uint64_t) f->last_stat.st_size)
+                size = PAGE_ALIGN((uint64_t) f->last_stat.st_size - offset);
+
+        if (size <= 0)
+                return -EADDRNOTAVAIL;
+
         r = journal_file_map(f,
                              offset, size,
                              &w->ptr, &w->offset, &w->size,

diff --git a/src/journal/sd-journal.h b/src/journal/sd-journal.h
index 9872e9c29c2f2717ae1344c59aca6125d2d26275..7f9f78598b7917a9696a0c52bb3b2ac1461e1314 100644 (file)
--- a/src/journal/sd-journal.h
+++ b/src/journal/sd-journal.h
@@ -36,8 +36,14 @@
  *   - extend hash tables table as we go
  *   - accelerate looking for "all hostnames" and suchlike.
  *   - cryptographic hash
- *   - never access beyond fle size check
  *   - OR of matches is borked...
+ *   - flush /run to /var
+ *   - hookup with systemctl
+ *   - local deserializer
+ *   - think about manipulations of header
+ *   - http server
+ *   - handle incomplete header
+ *   - message catalog
  */
 
 /* Write to daemon */