From: Yu Watanabe
Date: Thu, 25 Jun 2026 16:23:46 +0000 (+0900)
Subject: journal-authenticate: check overflow
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a12d5a60eb29408d32518774d37987bb40e22b8;p=thirdparty%2Fsystemd.git
journal-authenticate: check overflow
---
diff --git a/src/journal/journald.c b/src/journal/journald.c
index a06752d32e5..9ab5fdfdedb 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -114,7 +114,7 @@ static int run(int argc, char *argv[]) {
 if (m->system_journal) {
 usec_t u;
- if (journal_file_next_evolve_usec(m->system_journal, &u))
+ if (journal_file_next_evolve_usec(m->system_journal, &u) >= 0)
 t = MIN(t, usec_sub_unsigned(u, n));
 }
 #endif
diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c
index 0acfb3260e8..46c76926c35 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
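Review bot: The `>= 0` test in run() (src/journal/journald.c) treats -ERANGE the same as -EOPNOTSUPP, so when the new overflow check fires the evolve deadline simply drops out of the timeout calculation and nothing is logged. -EOPNOTSUPP (journal not sealed) is expected and can stay silent, but -ERANGE means the sealing start/interval values are out of range and the next key evolution is no longer scheduled from this path, which anyone relying on sealing for tamper evidence would want to see. Consider keeping the result and logging the unexpected case: `r = journal_file_next_evolve_usec(m->system_journal, &u);` then `if (r >= 0) t = MIN(t, usec_sub_unsigned(u, n));` and `else if (r != -EOPNOTSUPP) log_debug_errno(r, "Failed to determine next seal evolution time, ignoring: %m");`. This assumes an `int r` is in scope; run() starts and ends outside the hunk.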
@@ -164,20 +164,34 @@ int journal_file_parse_verification_key(JournalFile *f, const char *key) {
 return 0;
 }
-bool journal_file_next_evolve_usec(JournalFile *f, usec_t *u) {
- uint64_t epoch;
+static int journal_auth_epoch_to_realtime_usec(JournalFile *f, uint64_t epoch, usec_t *ret_start, usec_t *ret_end) {
+ assert(f);
+ assert(f->fss_start_usec > 0);
+ assert(f->fss_interval_usec > 0);
+
+ uint64_t start, end;
+ if (!MUL_SAFE(&start, epoch, f->fss_interval_usec) ||
+ !INC_SAFE(&start, f->fss_start_usec) ||
+ !ADD_SAFE(&end, start, f->fss_interval_usec))
+ return -ERANGE;
+
+ if (ret_start)
+ *ret_start = start;
+ if (ret_end)
+ *ret_end = end;
+ return 0;
+}
+
+int journal_file_next_evolve_usec(JournalFile *f, usec_t *ret) {
 assert(f);
- assert(u);
 if (!JOURNAL_HEADER_SEALED(f->header))
- return false;
-
- epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
+ return -EOPNOTSUPP;
- *u = (usec_t) (f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec);
+ uint64_t epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
- return true;
+ return journal_auth_epoch_to_realtime_usec(f, epoch, /* ret_start= */ NULL, ret);
 }
 int journal_file_fsprg_seek(JournalFile *f, uint64_t goal) {
diff --git a/src/libsystemd/sd-journal/journal-authenticate.h b/src/libsystemd/sd-journal/journal-authenticate.h
index e18fe7faf9c..0dd2ef3bf62 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.h
+++ b/src/libsystemd/sd-journal/journal-authenticate.h
@@ -18,4 +18,4 @@ int journal_file_parse_verification_key(JournalFile *f, const char *key);
 int journal_file_fsprg_seek(JournalFile *f, uint64_t goal);
-bool journal_file_next_evolve_usec(JournalFile *f, usec_t *u);
+int journal_file_next_evolve_usec(JournalFile *f, usec_t *ret);
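Review bot: In journal_auth_epoch_to_realtime_usec() (journal-authenticate.c) the two asserts, `assert(f->fss_start_usec > 0)` and `assert(f->fss_interval_usec > 0)`, guard values that appear to come from loaded sealing-key state rather than from program logic; where they are populated is not visible in this hunk. If a zero can reach this point from a malformed or truncated key file, the assert aborts the process instead of failing the one operation, and journal_file_next_evolve_usec() only checks the JOURNAL_HEADER_SEALED flag before calling in. Unless the loader already rejects zero, a runtime check fits the new error-returning signature better: `if (f->fss_start_usec == 0 || f->fss_interval_usec == 0) return -EINVAL;`. The helper would also benefit from a one-line comment such as `/* Maps an FSPRG epoch to the realtime start and end of its interval; either output may be NULL. Returns -ERANGE on overflow. */`.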
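Review bot: Changing the return type from bool to int in journal-authenticate.h inverts the result for any call site still written as a plain truth test, because success is now 0 (falsy) while -EOPNOTSUPP and -ERANGE are truthy, and the compiler will not flag it. This commit converts the caller in journald.c; any other user of journal_file_next_evolve_usec() outside this diff needs the same `>= 0` conversion, otherwise it would skip the success case and read an output value that was never written on the error paths. Documenting the contract on the prototype would make this harder to miss: `/* Returns 0 and sets *ret on success, -EOPNOTSUPP if the journal is not sealed, -ERANGE if the time computation overflows. */`.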