diff options
author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2023-04-26 13:21:55 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-04-26 20:46:25 +0900 |
commit | f81409f844ae8077f7ee7664871f73fa7d440581 (patch) | |
tree | de9ff34e4023ef7e062c52968f3bcdff90f91644 /src/libsystemd/sd-journal | |
parent | 22148897cfa5cf06c19cead3d917e00721cb39cc (diff) | |
download | systemd-f81409f844ae8077f7ee7664871f73fa7d440581.tar.gz |
journal: Don't try to write garbage if journal entry is corrupted
If journal_file_data_payload() returns -EBADMSG or -EADDRNOTAVAIL,
we skip the entry and go to the next entry, but we never modify
the number of items that we pass to journal_file_append_entry_internal()
if that happens, which means we could try to append garbage to the
journal file.
Let's keep track of the number of fields we've appended to avoid this
problem.
Diffstat (limited to 'src/libsystemd/sd-journal')
-rw-r--r-- | src/libsystemd/sd-journal/journal-file.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 3753e29d0d..bafd2bae80 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -4168,7 +4168,7 @@ int journal_file_copy_entry( _cleanup_free_ EntryItem *items_alloc = NULL; EntryItem *items; - uint64_t q, n, xor_hash = 0; + uint64_t q, n, m = 0, xor_hash = 0; const sd_id128_t *boot_id; dual_timestamp ts; int r; @@ -4227,7 +4227,7 @@ int journal_file_copy_entry( else xor_hash ^= le64toh(u->data.hash); - items[i] = (EntryItem) { + items[m++] = (EntryItem) { .object_offset = h, .hash = le64toh(u->data.hash), }; @@ -4240,6 +4240,9 @@ int journal_file_copy_entry( return r; } + if (m == 0) + return 0; + r = journal_file_append_entry_internal( to, &ts, @@ -4247,7 +4250,7 @@ int journal_file_copy_entry( &from->header->machine_id, xor_hash, items, - n, + m, seqnum, seqnum_id, /* ret_object= */ NULL, |