From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 27 Jun 2026 05:08:03 +0000 (+0900)
Subject: journal-authenticate: refuse invalid start and interval parameters
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79acf8894bb217fca3343fba69537898e62d773f;p=thirdparty%2Fsystemd.git

journal-authenticate: refuse invalid start and interval parameters

We have already checked that in journal_file_fss_load().
Let's also check the same in loading user provided key.
---

diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c
index ff241fa0cb0..2d652294950 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
@@ -496,7 +496,6 @@ int journal_file_parse_verification_key(JournalFile *f, const char *key) {
         _cleanup_(erase_and_freep) uint8_t *seed = NULL;
         size_t seed_size;
         const char *k;
-        unsigned long long start, interval;
         int r;
 
         assert(f);
@@ -530,12 +529,20 @@ int journal_file_parse_verification_key(JournalFile *f, const char *key) {
                 return -EKEYREJECTED;
         k++;
 
-        r = sscanf(k, "%llx-%llx", &start, &interval);
+        uint64_t start, interval;
+        r = sscanf(k, "%"PRIx64"-%"PRIx64, &start, &interval);
         if (r != 2)
                 return -EKEYREJECTED;
 
+        if (start == 0 || interval == 0)
+                return -EKEYREJECTED;
+
+        uint64_t start_usec;
+        if (!MUL_SAFE(&start_usec, start, interval))
+                return -EKEYREJECTED;
+
         f->fsprg_seed = IOVEC_MAKE(TAKE_PTR(seed), seed_size);
-        f->fss_start_usec = start * interval;
+        f->fss_start_usec = start_usec;
         f->fss_interval_usec = interval;
 
         return 0;