sd-journal: verify field object hashes

journal_file_verify() doesn't actually verify field object hashes
against their contents, despite journald storing a hash with the
payload.  This commit adds that verification.

diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c
index a0f2fc8ab975c4be98510d5fb10e02394ce3df92..211fc2ed858857f78133357acf9443ea891a0478 100644 (file)
--- a/src/libsystemd/sd-journal/journal-verify.c
+++ b/src/libsystemd/sd-journal/journal-verify.c
@@ -201,7 +201,10 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o
                 break;
         }
 
-        case OBJECT_FIELD:
+        case OBJECT_FIELD: {
+                uint64_t h1, h2;
+                int r;
+
                 if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) {
                         error(offset,
                               "Bad field size (<= %zu): %"PRIu64,
@@ -210,6 +213,18 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o
                         return -EBADMSG;
                 }
 
+                h1 = le64toh(o->field.hash);
+                r = hash_payload(f, o, offset, o->field.payload,
+                                 le64toh(o->object.size) - offsetof(Object, field.payload),
+                                 &h2);
+                if (r < 0)
+                        return r;
+
+                if (h1 != h2) {
+                        error(offset, "Invalid hash (%08" PRIx64 " vs. %08" PRIx64 ")", h1, h2);
+                        return -EBADMSG;
+                }
+
                 if (!VALID64(le64toh(o->field.next_hash_offset)) ||
                     !VALID64(le64toh(o->field.head_data_offset))) {
                         error(offset,
@@ -219,6 +234,7 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o
                         return -EBADMSG;
                 }
                 break;
+        }
 
         case OBJECT_ENTRY:
                 if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) {