journald: add additional simple static tests to verifier

author: Lennart Poettering <lennart@poettering.net> 2012-08-18 00:37:21 +0200
committer: Lennart Poettering <lennart@poettering.net> 2012-08-18 00:37:21 +0200
commit: db11ac1ab56bc13514a029e7d126c5efe2c68bc2 (patch)
tree: 3b8506431e56d2b89bca4c817fb26429f5946c30 /src/journal/journal-file.c
parent: a0108012974558c5a7dcf8c76456be6a07b0e95d (diff)
1 files changed, 17 insertions, 1 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 08d4285d0e..3cf28a7f3c 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -203,6 +203,9 @@ static int journal_file_verify_header(JournalFile *f) {
 #endif
         }
 
+        if (f->header->state >= _STATE_MAX)
+                return -EBADMSG;
+
         /* The first addition was n_data, so check that we are at least this large */
         if (le64toh(f->header->header_size) < HEADER_SIZE_MIN)
                 return -EBADMSG;
@@ -211,7 +214,16 @@ static int journal_file_verify_header(JournalFile *f) {
                 !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays))
                 return -EBADMSG;
 
-        if ((uint64_t) f->last_stat.st_size < (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
+        if ((le64toh(f->header->header_size) + le64toh(f->header->arena_size)) > (uint64_t) f->last_stat.st_size)
+                return -ENODATA;
+
+        if (le64toh(f->header->tail_object_offset) > (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
+                return -ENODATA;
+
+        if (!VALID64(f->header->data_hash_table_offset) ||
+            !VALID64(f->header->field_hash_table_offset) ||
+            !VALID64(f->header->tail_object_offset) ||
+            !VALID64(f->header->entry_array_offset))
                 return -ENODATA;
 
         if (f->writable) {
@@ -351,6 +363,10 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
         assert(f);
         assert(ret);
 
+        /* Objects may only be located at multiple of 64 bit */
+        if (!VALID64(offset))
+                return -EFAULT;
+
         /* One context for each type, plus one catch-all for the rest */
         context = type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
author	Lennart Poettering <lennart@poettering.net>	2012-08-18 00:37:21 +0200
committer	Lennart Poettering <lennart@poettering.net>	2012-08-18 00:37:21 +0200
commit	db11ac1ab56bc13514a029e7d126c5efe2c68bc2 (patch)
tree	3b8506431e56d2b89bca4c817fb26429f5946c30 /src/journal/journal-file.c
parent	a0108012974558c5a7dcf8c76456be6a07b0e95d (diff)