diff options
author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2023-04-26 13:21:55 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-04-26 20:46:25 +0900 |
commit | f81409f844ae8077f7ee7664871f73fa7d440581 (patch) | |
tree | de9ff34e4023ef7e062c52968f3bcdff90f91644 | |
parent | 22148897cfa5cf06c19cead3d917e00721cb39cc (diff) | |
download | systemd-f81409f844ae8077f7ee7664871f73fa7d440581.tar.gz |
journal: Don't try to write garbage if journal entry is corrupted
If journal_file_data_payload() returns -EBADMSG or -EADDRNOTAVAIL,
we skip the entry and go to the next entry, but we never modify
the number of items that we pass to journal_file_append_entry_internal()
if that happens, which means we could try to append garbage to the
journal file.
Let's keep track of the number of fields we've appended to avoid this
problem.
-rw-r--r-- | src/libsystemd/sd-journal/journal-file.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 3753e29d0d..bafd2bae80 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -4168,7 +4168,7 @@ int journal_file_copy_entry( _cleanup_free_ EntryItem *items_alloc = NULL; EntryItem *items; - uint64_t q, n, xor_hash = 0; + uint64_t q, n, m = 0, xor_hash = 0; const sd_id128_t *boot_id; dual_timestamp ts; int r; @@ -4227,7 +4227,7 @@ int journal_file_copy_entry( else xor_hash ^= le64toh(u->data.hash); - items[i] = (EntryItem) { + items[m++] = (EntryItem) { .object_offset = h, .hash = le64toh(u->data.hash), }; @@ -4240,6 +4240,9 @@ int journal_file_copy_entry( return r; } + if (m == 0) + return 0; + r = journal_file_append_entry_internal( to, &ts, @@ -4247,7 +4250,7 @@ int journal_file_copy_entry( &from->header->machine_id, xor_hash, items, - n, + m, seqnum, seqnum_id, /* ret_object= */ NULL, |