summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2011-12-28 01:53:06 +0100
committerLennart Poettering <lennart@poettering.net>2011-12-28 01:53:06 +0100
commit2a59ea54f136f8fcf6a4e1bdfc51448c81281a3e (patch)
tree890a2360ca953e0191b430002c0b3cefc54dfa0e
parent9cfb57c989b62d11c073c77179df4bb7fa19f35d (diff)
journal: never mmap beyond file size
-rw-r--r--src/journal/journal-file.c13
-rw-r--r--src/journal/sd-journal.h8
2 files changed, 20 insertions, 1 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 80775e1acf..6c7718de31 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -241,6 +241,10 @@ static int journal_file_map(
wsize = size + (offset - woffset);
wsize = PAGE_ALIGN(wsize);
+ /* Avoid SIGBUS on invalid accesses */
+ if (woffset + wsize > (uint64_t) PAGE_ALIGN(f->last_stat.st_size))
+ return -EADDRNOTAVAIL;
+
window = mmap(NULL, wsize, f->prot, MAP_SHARED, f->fd, woffset);
if (window == MAP_FAILED)
return -errno;
@@ -305,6 +309,15 @@ static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_
} else
delta = 0;
+ if (offset > (uint64_t) f->last_stat.st_size)
+ return -EADDRNOTAVAIL;
+
+ if (offset + size > (uint64_t) f->last_stat.st_size)
+ size = PAGE_ALIGN((uint64_t) f->last_stat.st_size - offset);
+
+ if (size <= 0)
+ return -EADDRNOTAVAIL;
+
r = journal_file_map(f,
offset, size,
&w->ptr, &w->offset, &w->size,
diff --git a/src/journal/sd-journal.h b/src/journal/sd-journal.h
index 9872e9c29c..7f9f78598b 100644
--- a/src/journal/sd-journal.h
+++ b/src/journal/sd-journal.h
@@ -36,8 +36,14 @@
* - extend hash tables table as we go
* - accelerate looking for "all hostnames" and suchlike.
* - cryptographic hash
- * - never access beyond fle size check
* - OR of matches is borked...
+ * - flush /run to /var
+ * - hookup with systemctl
+ * - local deserializer
+ * - think about manipulations of header
+ * - http server
+ * - handle incomplete header
+ * - message catalog
*/
/* Write to daemon */