From 6ad1d1c30621280bfad3e63fcc1c7ceb7d8ffa98 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 22 Dec 2011 00:35:04 +0100
Subject: [PATCH] journald: enforce some syntax restrictions on field names sent from the client side
---
 src/journal/journald.c | 44 ++++++++++++++++++++++++++++++++++----
 src/journal/sd-journal.c | 17 +++++++++++++++
 src/journal/test-journal.c | 2 ++
 3 files changed, 59 insertions(+), 4 deletions(-)
diff --git a/src/journal/journald.c b/src/journal/journald.c
index ca274ee44..d35e1c119 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -395,6 +395,41 @@ static void process_syslog_message(Server *s, const char *buf, struct ucred *ucr
 free(syslog_priority);
 }
+static bool valid_user_field(const char *p, size_t l) {
+ const char *a;
+
+ /* We kinda enforce POSIX syntax recommendations for
+ environment variables here, but make a couple of additional
+ requirements.
+
+ http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
+
+ /* No empty field names */
+ if (l <= 0)
+ return false;
+
+ /* Don't allow names longer than 64 chars */
+ if (l > 64)
+ return false;
+
+ /* Variables starting with an underscore are protected */
+ if (p[0] == '_')
+ return false;
+
+ /* Don't allow digits as first character */
+ if (p[0] >= '0' && p[0] <= '9')
+ return false;
+
+ /* Only allow A-Z0-9 and '_' */
+ for (a = p; a < p + l; a++)
+ if (!((*a >= 'A' && *a <= 'Z') ||
+ (*a >= '0' && *a <= '9') ||
+ *a == '_'))
+ return false;
+
+ return true;
+}
+
 static void process_native_message(Server *s, const void *buffer, size_t buffer_size, struct ucred *ucred, struct timeval *tv) {
 struct iovec *iovec = NULL;
 unsigned n = 0, m = 0, j;
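Review bot: valid_user_field() is the check that keeps a client from submitting `_`-prefixed names, which the comment at its first caller describes as trusted fields, yet the function has no header comment saying so; its only prose is about POSIX environment-variable syntax. I would add a short comment above the signature stating that it validates field names received from clients, that `p` need not be NUL-terminated and `l` is the name length in bytes, and that lowercase letters are rejected on purpose. Two smaller points in the body: `l` is a `size_t`, so `if (l <= 0)` is really `if (l == 0)` and should be written that way, and the bare `64` would be easier to find and change as a named constant.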
@@ -428,8 +463,9 @@ static void process_native_message(Server *s, const void *buffer, size_t buffer_
 continue;
 }
- if (*p == '.') {
- /* Control command, ignore for now */
+ if (*p == '.' || *p == '#') {
+ /* Ignore control commands for now, and
+ * comments too. */
 remaining -= (e - p) + 1;
 p = e + 1;
 continue;
@@ -454,7 +490,7 @@ static void process_native_message(Server *s, const void *buffer, size_t buffer_
 q = memchr(p, '=', e - p);
 if (q) {
- if (p[0] != '_') {
+ if (valid_user_field(p, q - p)) {
 /* If the field name starts with an
 * underscore, skip the variable,
 * since that indidates a trusted
@@ -495,7 +531,7 @@ static void process_native_message(Server *s, const void *buffer, size_t buffer_
 k[e - p] = '=';
 memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l);
- if (k[0] != '_') {
+ if (valid_user_field(p, e - p)) {
 iovec[n].iov_base = k;
 iovec[n].iov_len = (e - p) + 1 + l;
 n++;
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index b9abbdff9..409583090 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -1585,3 +1585,20 @@ int sd_journal_process(sd_journal *j) {
 }
 }
 }
+
+int sd_journal_query_unique(sd_journal *j, const char *field) {
+ assert(j);
+ assert(field);
+
+ return -ENOTSUP;
+}
+
+int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l) {
+ assert(j);
+
+ return -ENOTSUP;
+}
+
+void sd_journal_restart_unique(sd_journal *j) {
+ assert(j);
+}
diff --git a/src/journal/test-journal.c b/src/journal/test-journal.c
index a9bd6cb2c..3d429bea9 100644
--- a/src/journal/test-journal.c
+++ b/src/journal/test-journal.c
@@ -113,5 +113,7 @@ int main(int argc, char *argv[]) {
 journal_directory_vacuum(".", 3000000, 0);
+ log_error("Exiting...");
+
 return 0;
 }
--
2.30.2
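Review bot: In the `@@ -454,7 +490,7 @@` hunk the context comment under the new `if (valid_user_field(p, q - p))` still says only that underscore-prefixed names are skipped, and it sits in the branch that accepts the field. After this change empty names, names longer than 64, a leading digit and any character outside A-Z0-9_ are rejected as well, so the comment understates the filter; something like `/* Accept only names that pass valid_user_field(); '_'-prefixed (trusted) and malformed names are dropped */` would match the code and fix the "indidates" typo along the way. The rejecting branch is outside the hunk; if it drops the field without any trace, a debug-level log or counter there would help when diagnosing clients whose fields vanish and when looking for attempts to submit trusted field names.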
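Review bot: In the `@@ -495,7 +531,7 @@` hunk the name check runs only after `memcpy(k + (e - p) + 1, e + 1 + sizeof(uint64_t), l)` has copied the client-supplied payload into `k`, so a field whose name is going to be rejected still costs a copy of `l` bytes. The name is read from `p` in the receive buffer and does not depend on `k`, so `valid_user_field(p, e - p)` could be evaluated before `k` is filled and the field skipped early. The allocation of `k` and the branch taken when the check fails are outside the hunk, so please also confirm that the rejected path frees `k`.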
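Review bot: `sd_journal_enumerate_unique()` asserts `j` but not its two output pointers, while `sd_journal_query_unique()` in the same hunk asserts every argument. Adding `assert(data);` and `assert(l);` now pins the contract before a real implementation starts writing through them. A one-line comment on each of the three functions saying they are placeholders (`-ENOTSUP`, and a no-op for `sd_journal_restart_unique()`) would also keep callers from mistaking them for working API.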
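Review bot: `log_error("Exiting...")` in the test-journal.c hunk runs on the normal path right before `return 0`, so a successful test run now emits an error-level message. If it is meant as a progress marker, `log_info("Exiting...");` fits the severity better; if it was a debugging aid unrelated to the field-name validation in this commit, it could be dropped.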