DEFINE_TRIVIAL_CLEANUP_FUNC(FSSHeader*, fssheader_free);
int journal_file_fss_load(JournalFile *f) {
- _cleanup_close_ int fd = -EBADF;
- _cleanup_free_ char *path = NULL;
- _cleanup_(fssheader_freep) FSSHeader *header = NULL;
- struct stat st;
- sd_id128_t machine;
int r;
assert(f);
/* This function is used to determine whether sealing should be enabled in the journal header so we
* can't check the header to check if sealing is enabled here. */
+ sd_id128_t machine;
r = sd_id128_get_machine(&machine);
if (r < 0)
return r;
+ _cleanup_free_ char *path = NULL;
if (asprintf(&path, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
SD_ID128_FORMAT_VAL(machine)) < 0)
return -ENOMEM;
- fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
+ _cleanup_close_ int fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
if (fd < 0) {
if (errno != ENOENT)
log_error_errno(errno, "Failed to open %s: %m", path);
return -errno;
}
+ struct stat st;
if (fstat(fd, &st) < 0)
return -errno;
if (st.st_size < (off_t) sizeof(FSSHeader))
return -ENODATA;
- header = mmap(NULL, PAGE_ALIGN(sizeof(FSSHeader)), PROT_READ, MAP_SHARED, fd, 0);
+ _cleanup_(fssheader_freep) FSSHeader *header =
+ mmap(NULL, PAGE_ALIGN(sizeof(FSSHeader)), PROT_READ, MAP_SHARED, fd, 0);
if (header == MAP_FAILED)
return -errno;
if (le64toh(header->fsprg_state_size) != FSPRG_stateinbytes(le16toh(header->fsprg_secpar)))
return -EBADMSG;
- f->fss_file_size = le64toh(header->header_size) + le64toh(header->fsprg_state_size);
- if ((uint64_t) st.st_size < f->fss_file_size)
+ uint64_t fss_file_size;
+ if (!ADD_SAFE(&fss_file_size, le64toh(header->header_size), le64toh(header->fsprg_state_size)))
+ return -EBADMSG;
+
+ if (fss_file_size >= SIZE_MAX)
+ return -EBADMSG;
+
+ if ((uint64_t) st.st_size < fss_file_size)
return -ENODATA;
if (!sd_id128_equal(machine, header->machine_id))
if (le64toh(header->start_usec) <= 0 || le64toh(header->interval_usec) <= 0)
return -EBADMSG;
- size_t sz = PAGE_ALIGN(f->fss_file_size);
- assert(sz < SIZE_MAX);
- f->fss_file = mmap(NULL, sz, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
- if (f->fss_file == MAP_FAILED) {
- f->fss_file = NULL;
+ size_t sz = PAGE_ALIGN(fss_file_size);
+ if (sz >= SIZE_MAX)
+ return -EBADMSG;
+
+ FSSHeader *p = mmap(NULL, sz, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+ if (p == MAP_FAILED)
return -errno;
- }
- f->fss_start_usec = le64toh(f->fss_file->start_usec);
- f->fss_interval_usec = le64toh(f->fss_file->interval_usec);
+ f->fss_file_size = fss_file_size;
+ f->fss_file = p;
+
+ f->fss_start_usec = le64toh(p->start_usec);
+ f->fss_interval_usec = le64toh(p->interval_usec);
f->fsprg_state = IOVEC_MAKE(
- (uint8_t*) f->fss_file + le64toh(f->fss_file->header_size),
- le64toh(f->fss_file->fsprg_state_size));
+ (uint8_t*) p + le64toh(p->header_size),
+ le64toh(p->fsprg_state_size));
return 0;
}
int journal_file_parse_verification_key(JournalFile *f, const char *key) {
- _cleanup_(erase_and_freep) uint8_t *seed = NULL;
- size_t seed_size;
- const char *k;
int r;
assert(f);
assert(key);
- seed_size = FSPRG_RECOMMENDED_SEEDLEN;
- seed = malloc(seed_size);
+ size_t seed_size = FSPRG_RECOMMENDED_SEEDLEN;
+ _cleanup_(erase_and_freep) uint8_t *seed = malloc(seed_size);
if (!seed)
return -ENOMEM;
- k = key;
+ const char *k = key;
for (size_t c = 0; c < seed_size; c++) {
int x, y;
int journal_file_hmac_setup(JournalFile *f) {
#if HAVE_GCRYPT
- gcry_error_t e;
int r;
if (!JOURNAL_HEADER_SEALED(f->header))
if (r < 0)
return r;
- e = sym_gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
- if (e != 0)
+ if (sym_gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC) != 0)
return -EOPNOTSUPP;
return 0;
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
- if (!f->hmac_running) {
- r = journal_file_hmac_start(f);
- if (r < 0)
- return r;
- }
-
- assert(f->hmac);
+ r = journal_file_hmac_start(f);
+ if (r < 0)
+ return r;
Object *o;
uint64_t p;
uint64_t p;
int r;
+ assert(f);
+
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
if (r < 0)
return r;
- r = journal_file_append_tag(f);
- if (r < 0)
- return r;
-
- return 0;
+ return journal_file_append_tag(f);
}
int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
projects / thirdparty / systemd.git / commitdiff
