chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
b72631e
)
journal: refuse verification of files with unknown flags
author
Lennart Poettering
<lennart@poettering.net>
Fri, 17 Aug 2012 22:40:48 +0000
(
00:40
+0200)
committer
Lennart Poettering
<lennart@poettering.net>
Fri, 17 Aug 2012 22:41:06 +0000
(
00:41
+0200)
src/journal/journal-verify.c
patch
|
blob
|
history
diff --git
a/src/journal/journal-verify.c
b/src/journal/journal-verify.c
index f66b23556b82055c07ad31ace1c855438f0ce9b9..e3bd8ffbd7ce2ecf4c0b8e165842dbf7e9851677 100644
(file)
--- a/
src/journal/journal-verify.c
+++ b/
src/journal/journal-verify.c
@@
-692,6
+692,8
@@
int journal_file_verify(
char data_path[] = "/var/tmp/journal-data-XXXXXX",
entry_path[] = "/var/tmp/journal-entry-XXXXXX",
entry_array_path[] = "/var/tmp/journal-entry-array-XXXXXX";
char data_path[] = "/var/tmp/journal-data-XXXXXX",
entry_path[] = "/var/tmp/journal-entry-XXXXXX",
entry_array_path[] = "/var/tmp/journal-entry-array-XXXXXX";
+ unsigned i;
+ bool found_last;
assert(f);
assert(f);
@@
-728,6
+730,24
@@
int journal_file_verify(
}
unlink(entry_array_path);
}
unlink(entry_array_path);
+#ifdef HAVE_GCRYPT
+ if ((le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_SEALED) != 0)
+#else
+ if (f->header->compatible_flags != 0)
+#endif
+ {
+ log_error("Cannot verify file with unknown extensions.");
+ r = -ENOTSUP;
+ goto fail;
+ }
+
+ for (i = 0; i < sizeof(f->header->reserved); i++)
+ if (f->header->reserved[i] != 0) {
+ log_error("Reserved field in non-zero.");
+ r = -EBADMSG;
+ goto fail;
+ }
+
/* First iteration: we go through all objects, verify the
* superficial structure, headers, hashes. */
/* First iteration: we go through all objects, verify the
* superficial structure, headers, hashes. */
@@
-742,12
+762,15
@@
int journal_file_verify(
goto fail;
}
goto fail;
}
- if (
le64toh(f->header->tail_object_offset) < p
) {
+ if (
p > le64toh(f->header->tail_object_offset)
) {
log_error("Invalid tail object pointer");
r = -EBADMSG;
goto fail;
}
log_error("Invalid tail object pointer");
r = -EBADMSG;
goto fail;
}
+ if (p == le64toh(f->header->tail_object_offset))
+ found_last = true;
+
n_objects ++;
r = journal_file_object_verify(f, o);
n_objects ++;
r = journal_file_object_verify(f, o);
@@
-983,6
+1006,12
@@
int journal_file_verify(
p = p + ALIGN64(le64toh(o->object.size));
}
p = p + ALIGN64(le64toh(o->object.size));
}
+ if (!found_last) {
+ log_error("Tail object pointer dead");
+ r = -EBADMSG;
+ goto fail;
+ }
+
if (n_objects != le64toh(f->header->n_objects)) {
log_error("Object number mismatch");
r = -EBADMSG;
if (n_objects != le64toh(f->header->n_objects)) {
log_error("Object number mismatch");
r = -EBADMSG;