Commit 7762e02b authored by Lennart Poettering's avatar Lennart Poettering

journald: detect invalid header pointers correctly

parent 9d576438
......@@ -221,10 +221,16 @@ static int journal_file_verify_header(JournalFile *f) {
if (le64toh(f->header->tail_object_offset) > (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
return -ENODATA;
if (!VALID64(f->header->data_hash_table_offset) ||
!VALID64(f->header->field_hash_table_offset) ||
!VALID64(f->header->tail_object_offset) ||
!VALID64(f->header->entry_array_offset))
if (!VALID64(le64toh(f->header->data_hash_table_offset)) ||
!VALID64(le64toh(f->header->field_hash_table_offset)) ||
!VALID64(le64toh(f->header->tail_object_offset)) ||
!VALID64(le64toh(f->header->entry_array_offset)))
return -ENODATA;
if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) ||
le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) ||
le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) ||
le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size))
return -ENODATA;
if (f->writable) {
......@@ -323,6 +329,9 @@ static int journal_file_move_to(JournalFile *f, int context, bool keep_always, u
assert(f);
assert(ret);
if (size <= 0)
return -EINVAL;
/* Avoid SIGBUS on invalid accesses */
if (offset + size > (uint64_t) f->last_stat.st_size) {
/* Hmm, out of range? Let's refresh the fstat() data
......
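Review bot: The bound check `offset + size > (uint64_t) f->last_stat.st_size` in journal_file_move_to, directly below the added `size <= 0` guard, can wrap around when offset and size are taken from a corrupted journal file, assuming both are uint64_t as the cast suggests (the signature is truncated on this page); a wrapped sum passes the check, so the SIGBUS protection does not apply. Comparing without the addition avoids this: `if (size > (uint64_t) f->last_stat.st_size || offset > (uint64_t) f->last_stat.st_size - size)`. The same concern applies to `header_size + arena_size` in the tail_object_offset comparison at the top of the first hunk, where both operands are read from the file header. If size is indeed unsigned, `size <= 0` is effectively `size == 0`, which would state the intent more directly. Both functions continue outside the visible hunks, so any re-check after the fstat() refresh would need the same form.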