sd-journal: verify that object start with the field name

If the journal is corrupted, we might return an object that does
not start with the expected field name and/or is shorter than it
should.

1 files changed, 15 insertions, 0 deletions

diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
index 80ff8fef57..693707cb34 100644
--- a/src/journal/sd-journal.c
+++ b/src/journal/sd-journal.c
@@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
                 if (r < 0)
                         return r;
 
+                /* Check if we have at least the field name and "=". */
+                if (ol <= k) {
+                        log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
+                                  j->unique_file->path, j->unique_offset,
+                                  ol, k + 1);
+                        return -EBADMSG;
+                }
+
+                if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
+                        log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
+                                  j->unique_file->path, j->unique_offset,
+                                  j->unique_field);
+                        return -EBADMSG;
+                }
+
                 /* OK, now let's see if we already returned this data
                  * object by checking if it exists in the earlier
                  * traversed files. */