[systemd-bugs] [Bug 89040] New: journal export allows field injection

Mon Feb 9 03:58:52 PST 2015

https://bugs.freedesktop.org/show_bug.cgi?id=89040

            Bug ID: 89040
           Summary: journal export allows field injection
           Product: systemd
           Version: unspecified
          Hardware: All
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: systemd-bugs at lists.freedesktop.org
          Reporter: geoffsheep.johnstonefrog at googlemail.com
        QA Contact: systemd-bugs at lists.freedesktop.org

The specification says that fields are exported as strings iff they're
printable ASCII (>= 32, < 127). However, the implementation (on RHEL7 at any
rate, and by inspection in the current git master) decides this with
"utf8_is_printable_newline", which will use string export if the data are valid
UTF-8 codepoints, or tab, or newline.

Apart from the inconsistency here, allowing newline lets us do things like
this:

  sd_journal_send("MESSAGE=bar\n_UID=99")

which, when exported, gives:

  ...
  CODE_LINE=9
  MESSAGE=bar
  _UID=99
  _PID=9045
  ..

i.e. formally ambiguous, grammatically.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20150209/96932e9a/attachment.html>