summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/journal/fsprg.c2
-rw-r--r--src/journal/journal-file.h15
-rw-r--r--src/journal/journal-verify.c9
3 files changed, 23 insertions, 3 deletions
diff --git a/src/journal/fsprg.c b/src/journal/fsprg.c
index 34ce3be96b..2190b7c796 100644
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@@ -160,7 +160,7 @@ static gcry_mpi_t twopowmodphi(uint64_t m, const gcry_mpi_t p) {
gcry_mpi_sub_ui(phi, p, 1);
/* count number of used bits in m */
- for (n = 0; ((uint64_t)1 << n) <= m; n++)
+ for (n = 0; (1ULL << n) <= m; n++)
;
r = gcry_mpi_new(0);
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index e2ef03347c..7358173e7a 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -119,6 +119,21 @@ int journal_file_open_reliably(
#define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
#define VALID64(x) (((x) & 7ULL) == 0ULL)
+static inline bool VALID_REALTIME(uint64_t u) {
+ /* This considers timestamps until the year 3112 valid. That should be plenty room... */
+ return u > 0 && u < (1ULL << 55);
+}
+
+static inline bool VALID_MONOTONIC(uint64_t u) {
+ /* This considers timestamps until 1142 years of runtime valid. */
+ return u < (1ULL << 55);
+}
+
+static inline bool VALID_EPOCH(uint64_t u) {
+ /* This allows changing the key for 1142 years, every usec. */
+ return u < (1ULL << 55);
+}
+
#define JOURNAL_HEADER_CONTAINS(h, field) \
(le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index a31817671b..535b2727ac 100644
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -35,8 +35,8 @@
/* FIXME:
*
- * - write bit mucking test
* - evolve key even if nothing happened in regular intervals
+ * - add macro for accessing flags
*
* - Allow building without libgcrypt
* - check with sparse
@@ -115,7 +115,8 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
return -EBADMSG;
if (le64toh(o->entry.seqnum) <= 0 ||
- le64toh(o->entry.realtime) <= 0)
+ !VALID_REALTIME(le64toh(o->entry.realtime)) ||
+ !VALID_MONOTONIC(le64toh(o->entry.monotonic)))
return -EBADMSG;
for (i = 0; i < journal_file_entry_n_items(o); i++) {
@@ -169,6 +170,10 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
case OBJECT_TAG:
if (le64toh(o->object.size) != sizeof(TagObject))
return -EBADMSG;
+
+ if (!VALID_EPOCH(o->tag.epoch))
+ return -EBADMSG;
+
break;
}