From: Vito Caputo Date: Mon, 30 Aug 2021 05:22:05 +0000 (-0700) Subject: sd-journal: verify field object hashes X-Git-Tag: v250-rc1~744^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F20575%2Fhead;p=thirdparty%2Fsystemd.git sd-journal: verify field object hashes journal_file_verify() doesn't actually verify field object hashes against their contents, despite journald storing a hash with the payload. This commit adds that verification. --- diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c index a0f2fc8ab97..211fc2ed858 100644 --- a/src/libsystemd/sd-journal/journal-verify.c +++ b/src/libsystemd/sd-journal/journal-verify.c @@ -201,7 +201,10 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o break; } - case OBJECT_FIELD: + case OBJECT_FIELD: { + uint64_t h1, h2; + int r; + if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) { error(offset, "Bad field size (<= %zu): %"PRIu64, @@ -210,6 +213,18 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o return -EBADMSG; } + h1 = le64toh(o->field.hash); + r = hash_payload(f, o, offset, o->field.payload, + le64toh(o->object.size) - offsetof(Object, field.payload), + &h2); + if (r < 0) + return r; + + if (h1 != h2) { + error(offset, "Invalid hash (%08" PRIx64 " vs. %08" PRIx64 ")", h1, h2); + return -EBADMSG; + } + if (!VALID64(le64toh(o->field.next_hash_offset)) || !VALID64(le64toh(o->field.head_data_offset))) { error(offset, @@ -219,6 +234,7 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o return -EBADMSG; } break; + } case OBJECT_ENTRY: if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) {