summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/journal/journal-verify.c29
1 files changed, 21 insertions, 8 deletions
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index 9318f3df8b..8ef91ce485 100644
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -30,13 +30,14 @@
#include "journal-authenticate.h"
#include "journal-verify.h"
#include "lookup3.h"
+#include "compress.h"
/* FIXME:
*
- * - verify hashes of compressed objects
* - follow all chains
* - check for unreferenced objects
* - verify FSPRG
+ * - Allow building without libgcrypt
*
* */
@@ -54,7 +55,9 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
switch (o->object.type) {
- case OBJECT_DATA:
+ case OBJECT_DATA: {
+ uint64_t h1, h2;
+
if (le64toh(o->data.entry_offset) <= 0 ||
le64toh(o->data.n_entries) <= 0)
return -EBADMSG;
@@ -62,17 +65,27 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0)
return -EBADMSG;
- if (!(o->object.flags & OBJECT_COMPRESSED)) {
- uint64_t h1, h2;
+ h1 = le64toh(o->data.hash);
- h1 = le64toh(o->data.hash);
- h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload));
+ if (o->object.flags & OBJECT_COMPRESSED) {
+ void *b = NULL;
+ uint64_t alloc = 0, b_size;
- if (h1 != h2)
+ if (!uncompress_blob(o->data.payload,
+ le64toh(o->object.size) - offsetof(Object, data.payload),
+ &b, &alloc, &b_size))
return -EBADMSG;
- }
+
+ h2 = hash64(b, b_size);
+ free(b);
+ } else
+ h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload));
+
+ if (h1 != h2)
+ return -EBADMSG;
break;
+ }
case OBJECT_FIELD:
if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0)