[systemd-commits] 2 commits - src/journal

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Wed Aug 27 18:06:44 PDT 2014


 src/journal/journal-file.c |    1 -
 src/journal/journal-file.h |    7 ++++---
 src/journal/sd-journal.c   |   15 +++++++++++++++
 3 files changed, 19 insertions(+), 4 deletions(-)

New commits:
commit 0f99f74a14ef193c1ebde687c5cc76e1d67b85ef
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Aug 26 23:54:31 2014 -0400

    sd-journal: verify that object start with the field name
    
    If the journal is corrupted, we might return an object that does
    not start with the expected field name and/or is shorter than it
    should be.

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 986e94d..7286e14 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -425,7 +425,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
         if (!VALID64(offset))
                 return -EFAULT;
 
-
         r = journal_file_move_to(f, type_to_context(type), false, offset, sizeof(ObjectHeader), &t);
         if (r < 0)
                 return r;
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 80ff8fe..693707c 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
                 if (r < 0)
                         return r;
 
+                /* Check if we have at least the field name and "=". */
+                if (ol <= k) {
+                        log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
+                                  j->unique_file->path, j->unique_offset,
+                                  ol, k + 1);
+                        return -EBADMSG;
+                }
+
+                if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
+                        log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
+                                  j->unique_file->path, j->unique_offset,
+                                  j->unique_field);
+                        return -EBADMSG;
+                }
+
                 /* OK, now let's see if we already returned this data
                  * object by checking if it exists in the earlier
                  * traversed files. */
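Review bot: The prefix comparison only stays in bounds because the `ol <= k` test runs first, and nothing in the added lines says so. `memcmp()` reads `k` bytes of `odata` and the next expression reads index `k`, so reordering or dropping the length check would turn a corrupted object into an out-of-bounds read. I would put a comment above the second `if`, `/* ol > k is guaranteed above, so reading k + 1 bytes of odata is safe. */`. The condition would also read better with an explicit comparison, `if (memcmp(odata, j->unique_field, k) != 0 || ((const char*) odata)[k] != '=') {`. The body of sd_journal_enumerate_unique() starts and ends outside this hunk, so how `odata`, `ol` and `k` are produced is not visible here.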

commit 57cd09acf2c63a414aa2131c00a2b3f600eb0133
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Aug 23 22:35:03 2014 -0400

    sd-journal: properly convert object->size on big endian
    
    mmap code crashes when attempting to map an object of zero size.
    
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758392
    https://bugs.freedesktop.org/show_bug.cgi?id=82894

diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 3d41682..da2ef3b 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -214,14 +214,15 @@ static unsigned type_to_context(int type) {
 
 static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) {
         unsigned context = type_to_context(o->object.type);
+        uint64_t s = le64toh(o->object.size);
 
         return mmap_cache_get(f->mmap, f->fd, f->prot, context, true,
-                              offset, o->object.size, &f->last_stat, NULL);
+                              offset, s, &f->last_stat, NULL);
 }
 
 static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) {
         unsigned context = type_to_context(o->object.type);
+        uint64_t s = le64toh(o->object.size);
 
-        return mmap_cache_release(f->mmap, f->fd, f->prot, context,
-                                  offset, o->object.size);
+        return mmap_cache_release(f->mmap, f->fd, f->prot, context, offset, s);
 }
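Review bot: Both helpers still pass the on-disk size to the mmap cache without a lower bound, so the zero-size crash named in the commit message would presumably remain reachable from a corrupted file if an `Object` can get here unvalidated. Whether every caller has already checked the header is not visible in this hunk. If they have, a comment such as `/* callers pass an already validated object, so s >= sizeof(ObjectHeader) */` would record the assumption. Otherwise a guard like `if (s < sizeof(ObjectHeader)) return -EBADMSG;` ahead of the `mmap_cache_get()` call in journal_file_object_keep() would reject it early.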


