From: Daan De Meyer Date: Thu, 11 Nov 2021 13:31:31 +0000 (+0000) Subject: journal: Don't allow creating invalid objects X-Git-Tag: v250-rc1~169 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bc6b326d48c245ea4b5033012574da89df933f4a;p=thirdparty%2Fsystemd.git journal: Don't allow creating invalid objects Let's not allow creating empty entry or data objects. Let's also not allow creating data objects from data without an embedded '=' character. --- diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index b286ac54829..1fd7df61392 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -1660,14 +1660,15 @@ static int journal_file_append_data( const void *data, uint64_t size, Object **ret, uint64_t *ret_offset) { - uint64_t hash, p; - uint64_t osize; - Object *o; + uint64_t hash, p, fp, osize; + Object *o, *fo; int r, compression = 0; const void *eq; assert(f); - assert(data || size == 0); + + if (!data || size == 0) + return -EINVAL; hash = journal_file_hash_data(f, data, size); @@ -1685,6 +1686,10 @@ static int journal_file_append_data( return 0; } + eq = memchr(data, '=', size); + if (!eq) + return -EINVAL; + osize = offsetof(Object, data.payload) + size; r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p); if (r < 0) 
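Review bot: The new check `if (!eq) return -EINVAL;` rejects a payload with no '=' but still accepts one that begins with '=', which the guard removed in the later hunk at -1729 (`if (eq && eq > data)`) used to keep away from field creation. With that guard gone, `journal_file_append_field()` is now called with a name length of `eq - data == 0`; its body is not visible here, so whether it rejects or asserts on an empty name should be confirmed. Rejecting the case up front keeps the two hunks consistent: `if (!eq || eq == data) return -EINVAL;`. journal_file_append_data's body starts and ends outside this hunk.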
@@ -1729,23 +1734,14 @@ static int journal_file_append_data( if (r < 0) return r; - if (!data) - eq = NULL; - else - eq = memchr(data, '=', size); - if (eq && eq > data) { - Object *fo = NULL; - uint64_t fp; - - /* Create field object ... */ - r = journal_file_append_field(f, data, (uint8_t*) eq - (uint8_t*) data, &fo, &fp); - if (r < 0) - return r; + /* Create field object ... */ + r = journal_file_append_field(f, data, (uint8_t*) eq - (uint8_t*) data, &fo, &fp); + if (r < 0) + return r; - /* ... and link it in. */ - o->data.next_field_offset = fo->field.head_data_offset; - fo->field.head_data_offset = le64toh(p); - } + /* ... and link it in. */ + o->data.next_field_offset = fo->field.head_data_offset; + fo->field.head_data_offset = le64toh(p); if (ret) *ret = o; @@ -2125,7 +2121,7 @@ int journal_file_append_entry( assert(f); assert(f->header); - assert(iovec || n_iovec == 0); + assert(iovec && n_iovec > 0); if (ts) { if (!VALID_REALTIME(ts->realtime)) @@ -3917,6 +3913,9 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 } else data = o->data.payload; + if (l == 0) + return -EBADMSG; + r = journal_file_append_data(to, data, l, &u, &h); if (r < 0) return r; @@ -3936,8 +3935,7 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 return r; } - r = journal_file_append_entry_internal(to, &ts, boot_id, xor_hash, items, n, - NULL, NULL, NULL); + r = journal_file_append_entry_internal(to, &ts, boot_id, xor_hash, items, n, NULL, NULL, NULL); if (mmap_cache_fd_got_sigbus(to->cache_fd)) return -EIO; diff --git a/src/libsystemd/sd-journal/test-journal.c b/src/libsystemd/sd-journal/test-journal.c index fd3c4d99501..bf69111d44f 100644 --- a/src/libsystemd/sd-journal/test-journal.c +++ b/src/libsystemd/sd-journal/test-journal.c 
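Review bot: The empty-entry precondition in `journal_file_append_entry()` is enforced with `assert(iovec && n_iovec > 0);`, while the same commit turns the equivalent precondition in `journal_file_append_data()` into a runtime `-EINVAL`. A failed assertion stops the process instead of handing an error back, so if any caller can arrive here with a field count derived from external input, an empty entry becomes a crash rather than a rejected write; the callers are not visible in this diff. Consider `if (!iovec || n_iovec == 0) return -EINVAL;` after the `assert(f->header);` line. The function body continues outside the hunk.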
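Review bot: A zero-length payload read from the source file is reported as `-EBADMSG`, but a payload without '=' from the same file reaches `journal_file_append_data()` and comes back as `-EINVAL` through `if (r < 0) return r;`. Both are malformed on-disk data in `from` rather than bad arguments, so a caller that keys on `-EBADMSG` to detect a corrupted journal would miss the second case. Checking both here would make the error uniform: `if (l == 0 || !memchr(data, '=', l)) return -EBADMSG;`. A short comment above the check, such as `/* Corrupted source object: refuse to copy it. */`, would record why this is not `-EINVAL`. journal_file_copy_entry's body starts and ends outside the hunk.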
@@ -165,7 +165,7 @@ static bool check_compressed(uint64_t compress_threshold, uint64_t data_size) { Object *o; uint64_t p; char t[] = "/var/tmp/journal-XXXXXX"; - char data[2048] = {0}; + char data[2048] = "FIELD="; bool is_compressed; int r;
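Review bot: The test buffer is only adjusted to `"FIELD="` so that it passes the new '=' requirement; nothing in this hunk exercises the rejection paths the commit introduces. A negative case would pin the behaviour, for example appending an entry whose only iovec is a buffer with no '=' and asserting that the call returns `-EINVAL`. check_compressed's body continues outside the hunk, so an existing negative test elsewhere in the file cannot be ruled out from here.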