if (f->header->state >= _STATE_MAX)
return -EBADMSG;
- header_size = le64toh(f->header->header_size);
+ header_size = le64toh(READ_NOW(f->header->header_size));
/* The first addition was n_data, so check that we are at least this large */
if (header_size < HEADER_SIZE_MIN)
if (JOURNAL_HEADER_SEALED(f->header) && !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
return -EBADMSG;
- arena_size = le64toh(f->header->arena_size);
+ arena_size = le64toh(READ_NOW(f->header->arena_size));
if (UINT64_MAX - header_size < arena_size || header_size + arena_size > (uint64_t) f->last_stat.st_size)
return -ENODATA;
}
static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size) {
- uint64_t old_size, new_size;
+ uint64_t old_size, new_size, old_header_size, old_arena_size;
int r;
assert(f);
assert(f->header);
- /* We assume that this file is not sparse, and we know that
- * for sure, since we always call posix_fallocate()
- * ourselves */
+ /* We assume that this file is not sparse, and we know that for sure, since we always call
+ * posix_fallocate() ourselves */
+
+ if (size > PAGE_ALIGN_DOWN(UINT64_MAX) - offset)
+ return -EINVAL;
if (mmap_cache_got_sigbus(f->mmap, f->cache_fd))
return -EIO;
- old_size =
- le64toh(f->header->header_size) +
- le64toh(f->header->arena_size);
+ old_header_size = le64toh(READ_NOW(f->header->header_size));
+ old_arena_size = le64toh(READ_NOW(f->header->arena_size));
+ if (old_arena_size > PAGE_ALIGN_DOWN(UINT64_MAX) - old_header_size)
+ return -EBADMSG;
+
+ old_size = old_header_size + old_arena_size;
- new_size = PAGE_ALIGN(offset + size);
- if (new_size < le64toh(f->header->header_size))
- new_size = le64toh(f->header->header_size);
+ new_size = MAX(PAGE_ALIGN(offset + size), old_header_size);
if (new_size <= old_size) {
if (r != 0)
return -r;
- f->header->arena_size = htole64(new_size - le64toh(f->header->header_size));
+ f->header->arena_size = htole64(new_size - old_header_size);
return journal_file_fstat(f);
}
return type > OBJECT_UNUSED && type < _OBJECT_TYPE_MAX ? type : 0;
}
-static int journal_file_move_to(JournalFile *f, ObjectType type, bool keep_always, uint64_t offset, uint64_t size, void **ret, size_t *ret_size) {
+static int journal_file_move_to(
+ JournalFile *f,
+ ObjectType type,
+ bool keep_always,
+ uint64_t offset,
+ uint64_t size,
+ void **ret,
+ size_t *ret_size) {
+
int r;
assert(f);
if (size <= 0)
return -EINVAL;
+ if (size > UINT64_MAX - offset)
+ return -EBADMSG;
+
/* Avoid SIGBUS on invalid accesses */
if (offset + size > (uint64_t) f->last_stat.st_size) {
/* Hmm, out of range? Let's refresh the fstat() data
le64toh(o->data.n_entries),
offset);
- if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0)
+ if (le64toh(o->object.size) <= offsetof(DataObject, payload))
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Bad object size (<= %zu): %" PRIu64 ": %" PRIu64,
offsetof(DataObject, payload),
break;
case OBJECT_FIELD:
- if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0)
+ if (le64toh(o->object.size) <= offsetof(FieldObject, payload))
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Bad field size (<= %zu): %" PRIu64 ": %" PRIu64,
offsetof(FieldObject, payload),
offset);
break;
- case OBJECT_ENTRY:
- if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0)
+ case OBJECT_ENTRY: {
+ uint64_t sz;
+
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(EntryObject, items) ||
+ (sz - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Bad entry size (<= %zu): %" PRIu64 ": %" PRIu64,
offsetof(EntryObject, items),
- le64toh(o->object.size),
+ sz,
offset);
- if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0)
+ if ((sz - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Invalid number items in entry: %" PRIu64 ": %" PRIu64,
- (le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem),
+ (sz - offsetof(EntryObject, items)) / sizeof(EntryItem),
offset);
if (le64toh(o->entry.seqnum) <= 0)
offset);
break;
+ }
case OBJECT_DATA_HASH_TABLE:
- case OBJECT_FIELD_HASH_TABLE:
- if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0 ||
- (le64toh(o->object.size) - offsetof(HashTableObject, items)) / sizeof(HashItem) <= 0)
+ case OBJECT_FIELD_HASH_TABLE: {
+ uint64_t sz;
+
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(HashTableObject, items) ||
+ (sz - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0 ||
+ (sz - offsetof(HashTableObject, items)) / sizeof(HashItem) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Invalid %s hash table size: %" PRIu64 ": %" PRIu64,
o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field",
- le64toh(o->object.size),
+ sz,
offset);
break;
+ }
+
+ case OBJECT_ENTRY_ARRAY: {
+ uint64_t sz;
- case OBJECT_ENTRY_ARRAY:
- if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0 ||
- (le64toh(o->object.size) - offsetof(EntryArrayObject, items)) / sizeof(le64_t) <= 0)
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(EntryArrayObject, items) ||
+ (sz - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0 ||
+ (sz - offsetof(EntryArrayObject, items)) / sizeof(le64_t) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Invalid object entry array size: %" PRIu64 ": %" PRIu64,
- le64toh(o->object.size),
+ sz,
offset);
if (!VALID64(le64toh(o->entry_array.next_entry_array_offset)))
offset);
break;
+ }
case OBJECT_TAG:
if (le64toh(o->object.size) != sizeof(TagObject))
return r;
o = (Object*) t;
- s = le64toh(o->object.size);
+ s = le64toh(READ_NOW(o->object.size));
if (s == 0)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
if (p == 0)
p = le64toh(f->header->header_size);
else {
+ uint64_t sz;
+
r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &tail);
if (r < 0)
return r;
- p += ALIGN64(le64toh(tail->object.size));
+ sz = le64toh(READ_NOW(tail->object.size));
+ if (sz > UINT64_MAX - sizeof(uint64_t) + 1)
+ return -EBADMSG;
+
+ sz = ALIGN64(sz);
+ if (p > UINT64_MAX - sz)
+ return -EBADMSG;
+
+ p += sz;
}
r = journal_file_allocate(f, p, size);
return r;
o = (Object*) t;
-
- zero(o->object);
- o->object.type = type;
- o->object.size = htole64(size);
+ o->object = (ObjectHeader) {
+ .type = type,
+ .size = htole64(size),
+ };
f->header->tail_object_offset = htole64(p);
f->header->n_objects = htole64(le64toh(f->header->n_objects) + 1);
if (o->object.type != OBJECT_FIELD)
return -EINVAL;
- m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
+ m = le64toh(READ_NOW(f->header->field_hash_table_size)) / sizeof(HashItem);
if (m <= 0)
return -EBADMSG;
if (o->object.type != OBJECT_DATA)
return -EINVAL;
- m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
+ m = le64toh(READ_NOW(f->header->data_hash_table_size)) / sizeof(HashItem);
if (m <= 0)
return -EBADMSG;
osize = offsetof(Object, field.payload) + size;
- m = le64toh(f->header->field_hash_table_size) / sizeof(HashItem);
+ m = le64toh(READ_NOW(f->header->field_hash_table_size)) / sizeof(HashItem);
if (m <= 0)
return -EBADMSG;
osize = offsetof(Object, data.payload) + size;
- m = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
+ m = le64toh(READ_NOW(f->header->data_hash_table_size)) / sizeof(HashItem);
if (m <= 0)
return -EBADMSG;
uint64_t l;
size_t rsize = 0;
- l = le64toh(o->object.size);
+ l = le64toh(READ_NOW(o->object.size));
if (l <= offsetof(Object, data.payload))
return -EBADMSG;
}
uint64_t journal_file_entry_n_items(Object *o) {
+ uint64_t sz;
assert(o);
if (o->object.type != OBJECT_ENTRY)
return 0;
- return (le64toh(o->object.size) - offsetof(Object, entry.items)) / sizeof(EntryItem);
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(Object, entry.items))
+ return 0;
+
+ return (sz - offsetof(Object, entry.items)) / sizeof(EntryItem);
}
uint64_t journal_file_entry_array_n_items(Object *o) {
+ uint64_t sz;
+
assert(o);
if (o->object.type != OBJECT_ENTRY_ARRAY)
return 0;
- return (le64toh(o->object.size) - offsetof(Object, entry_array.items)) / sizeof(uint64_t);
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(Object, entry_array.items))
+ return 0;
+
+ return (sz - offsetof(Object, entry_array.items)) / sizeof(uint64_t);
}
uint64_t journal_file_hash_table_n_items(Object *o) {
+ uint64_t sz;
+
assert(o);
if (!IN_SET(o->object.type, OBJECT_DATA_HASH_TABLE, OBJECT_FIELD_HASH_TABLE))
return 0;
- return (le64toh(o->object.size) - offsetof(Object, hash_table.items)) / sizeof(HashItem);
+ sz = le64toh(READ_NOW(o->object.size));
+ if (sz < offsetof(Object, hash_table.items))
+ return 0;
+
+ return (sz - offsetof(Object, hash_table.items)) / sizeof(HashItem);
}
static int link_entry_into_array(JournalFile *f,
assert(p > 0);
a = le64toh(*first);
- i = hidx = le64toh(*idx);
+ i = hidx = le64toh(READ_NOW(*idx));
while (a > 0) {
r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
le64_t *idx,
uint64_t p) {
+ uint64_t hidx;
int r;
assert(f);
assert(idx);
assert(p > 0);
- if (*idx == 0)
+ hidx = le64toh(READ_NOW(*idx));
+ if (hidx == UINT64_MAX)
+ return -EBADMSG;
+ if (hidx == 0)
*extra = htole64(p);
else {
le64_t i;
- i = htole64(le64toh(*idx) - 1);
+ i = htole64(hidx - 1);
r = link_entry_into_array(f, first, &i, p);
if (r < 0)
return r;
}
- *idx = htole64(le64toh(*idx) + 1);
+ *idx = htole64(hidx + 1);
return 0;
}
static int journal_file_link_entry_item(JournalFile *f, Object *o, uint64_t offset, uint64_t i) {
uint64_t p;
int r;
+
assert(f);
assert(o);
assert(offset > 0);
p = le64toh(o->entry.items[i].object_offset);
- if (p == 0)
- return -EINVAL;
-
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
if (r < 0)
return r;
}
static int test_object_seqnum(JournalFile *f, uint64_t p, uint64_t needle) {
+ uint64_t sq;
Object *o;
int r;
if (r < 0)
return r;
- if (le64toh(o->entry.seqnum) == needle)
+ sq = le64toh(READ_NOW(o->entry.seqnum));
+ if (sq == needle)
return TEST_FOUND;
- else if (le64toh(o->entry.seqnum) < needle)
+ else if (sq < needle)
return TEST_LEFT;
else
return TEST_RIGHT;
static int test_object_realtime(JournalFile *f, uint64_t p, uint64_t needle) {
Object *o;
+ uint64_t rt;
int r;
assert(f);
if (r < 0)
return r;
- if (le64toh(o->entry.realtime) == needle)
+ rt = le64toh(READ_NOW(o->entry.realtime));
+ if (rt == needle)
return TEST_FOUND;
- else if (le64toh(o->entry.realtime) < needle)
+ else if (rt < needle)
return TEST_LEFT;
else
return TEST_RIGHT;
static int test_object_monotonic(JournalFile *f, uint64_t p, uint64_t needle) {
Object *o;
+ uint64_t m;
int r;
assert(f);
if (r < 0)
return r;
- if (le64toh(o->entry.monotonic) == needle)
+ m = le64toh(READ_NOW(o->entry.monotonic));
+ if (m == needle)
return TEST_FOUND;
- else if (le64toh(o->entry.monotonic) < needle)
+ else if (m < needle)
return TEST_LEFT;
else
return TEST_RIGHT;
assert(f);
assert(f->header);
- n = le64toh(f->header->n_entries);
+ n = le64toh(READ_NOW(f->header->n_entries));
if (n <= 0)
return 0;
if (r < 0)
return r;
- n = le64toh(d->data.n_entries);
+ n = le64toh(READ_NOW(d->data.n_entries));
if (n <= 0)
return n;
journal_file_print_header(f);
- p = le64toh(f->header->header_size);
+ p = le64toh(READ_NOW(f->header->header_size));
while (p != 0) {
r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o);
if (r < 0)
if (p == le64toh(f->header->tail_object_offset))
p = 0;
else
- p = p + ALIGN64(le64toh(o->object.size));
+ p += ALIGN64(le64toh(o->object.size));
}
return;
if (le_hash != o->data.hash)
return -EBADMSG;
- l = le64toh(o->object.size) - offsetof(Object, data.payload);
+ l = le64toh(READ_NOW(o->object.size));
+ if (l < offsetof(Object, data.payload))
+ return -EBADMSG;
+
+ l -= offsetof(Object, data.payload);
t = (size_t) l;
/* We hit the limit on 32bit machines */
journal_file_reset_location(f);
}
-static void reset_location(sd_journal *j) {
- assert(j);
-
- detach_location(j);
- zero(j->current_location);
-}
-
static void init_location(Location *l, LocationType type, JournalFile *f, Object *o) {
assert(l);
assert(IN_SET(type, LOCATION_DISCRETE, LOCATION_SEEK));
assert(f);
- assert(o->object.type == OBJECT_ENTRY);
-
- l->type = type;
- l->seqnum = le64toh(o->entry.seqnum);
- l->seqnum_id = f->header->seqnum_id;
- l->realtime = le64toh(o->entry.realtime);
- l->monotonic = le64toh(o->entry.monotonic);
- l->boot_id = o->entry.boot_id;
- l->xor_hash = le64toh(o->entry.xor_hash);
- l->seqnum_set = l->realtime_set = l->monotonic_set = l->xor_hash_set = true;
+ *l = (Location) {
+ .type = type,
+ .seqnum = le64toh(o->entry.seqnum),
+ .seqnum_id = f->header->seqnum_id,
+ .realtime = le64toh(o->entry.realtime),
+ .monotonic = le64toh(o->entry.monotonic),
+ .boot_id = o->entry.boot_id,
+ .xor_hash = le64toh(o->entry.xor_hash),
+ .seqnum_set = true,
+ .realtime_set = true,
+ .monotonic_set = true,
+ .xor_hash_set = true,
+ };
}
static void set_location(sd_journal *j, JournalFile *f, Object *o) {
!realtime_set)
return -EINVAL;
- reset_location(j);
-
- j->current_location.type = LOCATION_SEEK;
+ detach_location(j);
+ j->current_location = (Location) {
+ .type = LOCATION_SEEK,
+ };
if (realtime_set) {
j->current_location.realtime = (uint64_t) realtime;
assert_return(j, -EINVAL);
assert_return(!journal_pid_changed(j), -ECHILD);
- reset_location(j);
- j->current_location.type = LOCATION_SEEK;
- j->current_location.boot_id = boot_id;
- j->current_location.monotonic = usec;
- j->current_location.monotonic_set = true;
+ detach_location(j);
+
+ j->current_location = (Location) {
+ .type = LOCATION_SEEK,
+ .boot_id = boot_id,
+ .monotonic = usec,
+ .monotonic_set = true,
+ };
return 0;
}
assert_return(j, -EINVAL);
assert_return(!journal_pid_changed(j), -ECHILD);
- reset_location(j);
- j->current_location.type = LOCATION_SEEK;
- j->current_location.realtime = usec;
- j->current_location.realtime_set = true;
+ detach_location(j);
+
+ j->current_location = (Location) {
+ .type = LOCATION_SEEK,
+ .realtime = usec,
+ .realtime_set = true,
+ };
return 0;
}
assert_return(j, -EINVAL);
assert_return(!journal_pid_changed(j), -ECHILD);
- reset_location(j);
- j->current_location.type = LOCATION_HEAD;
+ detach_location(j);
+
+ j->current_location = (Location) {
+ .type = LOCATION_HEAD,
+ };
return 0;
}
assert_return(j, -EINVAL);
assert_return(!journal_pid_changed(j), -ECHILD);
- reset_location(j);
- j->current_location.type = LOCATION_TAIL;
+ detach_location(j);
+
+ j->current_location = (Location) {
+ .type = LOCATION_TAIL,
+ };
return 0;
}
uint64_t l;
int compression;
- l = le64toh(o->object.size) - offsetof(Object, data.payload);
+ l = le64toh(READ_NOW(o->object.size));
+ if (l < offsetof(Object, data.payload))
+ return -EBADMSG;
+ l -= offsetof(Object, data.payload);
t = (size_t) l;
/* We can't read objects larger than 4G on a 32bit machine */
projects / thirdparty / systemd.git / commitdiff
