journal: Don't try to write garbage if journal entry is corrupted

If journal_file_data_payload() returns -EBADMSG or -EADDRNOTAVAIL,
we skip the entry and go to the next entry, but we never modify
the number of items that we pass to journal_file_append_entry_internal()
if that happens, which means we could try to append garbage to the
journal file.

Let's keep track of the number of fields we've appended to avoid this
problem.

diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
index 3753e29d0d313c83b9054d8e73b7b81fcd2611ff..bafd2bae80d2e0d08cce558ca898fb19ed13903e 100644 (file)
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -4168,7 +4168,7 @@ int journal_file_copy_entry(
 
         _cleanup_free_ EntryItem *items_alloc = NULL;
         EntryItem *items;
-        uint64_t q, n, xor_hash = 0;
+        uint64_t q, n, m = 0, xor_hash = 0;
         const sd_id128_t *boot_id;
         dual_timestamp ts;
         int r;
@@ -4227,7 +4227,7 @@ int journal_file_copy_entry(
                 else
                         xor_hash ^= le64toh(u->data.hash);
 
-                items[i] = (EntryItem) {
+                items[m++] = (EntryItem) {
                         .object_offset = h,
                         .hash = le64toh(u->data.hash),
                 };
@@ -4240,6 +4240,9 @@ int journal_file_copy_entry(
                         return r;
         }
 
+        if (m == 0)
+                return 0;
+
         r = journal_file_append_entry_internal(
                         to,
                         &ts,
@@ -4247,7 +4250,7 @@ int journal_file_copy_entry(
                         &from->header->machine_id,
                         xor_hash,
                         items,
-                        n,
+                        m,
                         seqnum,
                         seqnum_id,
                         /* ret_object= */ NULL,