chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d5e9c0)
journald: don't accept arbitrarily sized journal data fields
authorLennart Poettering <lennart@poettering.net>
Wed, 19 Sep 2012 20:51:28 +0000 (22:51 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 19 Sep 2012 20:51:28 +0000 (22:51 +0200)
https://bugzilla.redhat.com/show_bug.cgi?id=858746

src/journal/journald-native.c patch | blob | history

diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 4e44c3ada78c4d16c05ba38f12ff6a54c749b603..85458b50c29ccc94a8046fd9eec6ffab08595f33 100644 (file)
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -30,7 +30,8 @@
 #include "journald-console.h"
 #include "journald-syslog.h"
 
-#define ENTRY_SIZE_MAX (1024*1024*32)
+#define ENTRY_SIZE_MAX (1024*1024*64)
+#define DATA_SIZE_MAX (1024*1024*64)
 
 static bool valid_user_field(const char *p, size_t l) {
         const char *a;
@@ -205,7 +206,12 @@ void server_process_native_message(
                         memcpy(&l_le, e + 1, sizeof(uint64_t));
                         l = le64toh(l_le);
 
-                        if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
+                        if (l > DATA_SIZE_MAX) {
+                                log_debug("Received binary data block too large, ignoring.");
+                                break;
+                        }
+
+                        if ((uint64_t) remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
                             e[1+sizeof(uint64_t)+l] != '\n') {
                                 log_debug("Failed to parse message, ignoring.");
                                 break;
Unnamed repository; edit this file 'description' to name the repository.