From: Yu Watanabe Date: Wed, 18 Oct 2023 05:32:17 +0000 (+0900) Subject: tree-wide: check results of PAGE_ALIGN() X-Git-Tag: v255-rc1~156^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cbdac0c33a47e589b61717c66bc1dbb429608fcb;p=thirdparty%2Fsystemd.git tree-wide: check results of PAGE_ALIGN() Fixes CID#1491282, CID#1491283, CID#1491285, CID#1491288. --- diff --git a/src/basic/argv-util.c b/src/basic/argv-util.c index 6c88dcc2ee9..a2bcc446787 100644 --- a/src/basic/argv-util.c +++ b/src/basic/argv-util.c @@ -81,6 +81,9 @@ static int update_argv(const char name[], size_t l) { static int can_do = -1; int r; + assert(name); + assert(l < SIZE_MAX); + if (can_do == 0) return 0; can_do = false; /* We'll set it to true only if the whole process works */ @@ -102,6 +105,9 @@ static int update_argv(const char name[], size_t l) { char *nn; nn_size = PAGE_ALIGN(l+1); + if (nn_size >= SIZE_MAX) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "The requested argument is too long."); + nn = mmap(NULL, nn_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); if (nn == MAP_FAILED) return log_debug_errno(errno, "mmap() failed: %m"); diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 4888c38fdb0..abb20c8032d 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -405,6 +405,7 @@ void server_process_native_file( /* The file is sealed, we can just map it and use it. */ ps = PAGE_ALIGN(st.st_size); + assert(ps < SIZE_MAX); p = mmap(NULL, ps, PROT_READ, MAP_PRIVATE, fd, 0); if (p == MAP_FAILED) { log_ratelimit_error_errno(errno, JOURNAL_LOG_RATELIMIT, diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index b553f153968..d7ff83441b7 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -27,8 +27,11 @@ #include "memory-util.h" void close_and_munmap(int fd, void *address, size_t size) { - if (size > 0) - assert_se(munmap(address, PAGE_ALIGN(size)) >= 0); + if (size > 0) { + size = PAGE_ALIGN(size); + assert(size < SIZE_MAX); + assert_se(munmap(address, size) >= 0); + } safe_close(fd); } diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index f1cf6a8cc47..b2d2597e433 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -2490,6 +2490,8 @@ int bus_body_part_map(struct bus_body_part *part) { shift = PAGE_OFFSET(part->memfd_offset); psz = PAGE_ALIGN(part->size + shift); + if (psz >= SIZE_MAX) + return -EFBIG; if (part->memfd >= 0) p = mmap(NULL, psz, PROT_READ, MAP_PRIVATE, part->memfd, part->memfd_offset - shift); diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c index 42af483d22f..10e5eafbfcf 100644 --- a/src/libsystemd/sd-journal/journal-authenticate.c +++ b/src/libsystemd/sd-journal/journal-authenticate.c @@ -379,7 +379,9 @@ int journal_file_fss_load(JournalFile *f) { if (le64toh(header->start_usec) <= 0 || le64toh(header->interval_usec) <= 0) return -EBADMSG; - f->fss_file = mmap(NULL, PAGE_ALIGN(f->fss_file_size), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); + size_t sz = PAGE_ALIGN(f->fss_file_size); + assert(sz < SIZE_MAX); + f->fss_file = mmap(NULL, sz, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); if (f->fss_file == MAP_FAILED) { f->fss_file = NULL; return -errno; diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index d138e380963..334a28f9486 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -302,9 +302,11 @@ JournalFile* journal_file_close(JournalFile *f) { #endif #if HAVE_GCRYPT - if (f->fss_file) - munmap(f->fss_file, PAGE_ALIGN(f->fss_file_size)); - else + if (f->fss_file) { + size_t sz = PAGE_ALIGN(f->fss_file_size); + assert(sz < SIZE_MAX); + munmap(f->fss_file, sz); + } else free(f->fsprg_state); free(f->fsprg_seed);