From 921fcd5d9e9088f735d939a8c0ea78d59665ff1c Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Sun, 29 Aug 2021 22:22:05 -0700 Subject: [PATCH] sd-journal: verify field object hashes journal_file_verify() doesn't actually verify field object hashes against their contents, despite journald storing a hash with the payload. This commit adds that verification. --- src/libsystemd/sd-journal/journal-verify.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c index a0f2fc8ab97..211fc2ed858 100644 --- a/src/libsystemd/sd-journal/journal-verify.c +++ b/src/libsystemd/sd-journal/journal-verify.c @@ -201,7 +201,10 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o break; } - case OBJECT_FIELD: + case OBJECT_FIELD: { + uint64_t h1, h2; + int r; + if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) { error(offset, "Bad field size (<= %zu): %"PRIu64, @@ -210,6 +213,18 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o return -EBADMSG; } + h1 = le64toh(o->field.hash); + r = hash_payload(f, o, offset, o->field.payload, + le64toh(o->object.size) - offsetof(Object, field.payload), + &h2); + if (r < 0) + return r; + + if (h1 != h2) { + error(offset, "Invalid hash (%08" PRIx64 " vs. %08" PRIx64 ")", h1, h2); + return -EBADMSG; + } + if (!VALID64(le64toh(o->field.next_hash_offset)) || !VALID64(le64toh(o->field.head_data_offset))) { error(offset, @@ -219,6 +234,7 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o return -EBADMSG; } break; + } case OBJECT_ENTRY: if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) { -- 2.47.3