From: Lennart Poettering Date: Wed, 28 Dec 2011 00:53:06 +0000 (+0100) Subject: journal: never mmap beyond file size X-Git-Tag: v38~144^2~10 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a59ea54f136f8fcf6a4e1bdfc51448c81281a3e;p=systemd journal: never mmap beyond file size --- diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 80775e1a..6c7718de 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -241,6 +241,10 @@ static int journal_file_map( wsize = size + (offset - woffset); wsize = PAGE_ALIGN(wsize); + /* Avoid SIGBUS on invalid accesses */ + if (woffset + wsize > (uint64_t) PAGE_ALIGN(f->last_stat.st_size)) + return -EADDRNOTAVAIL; + window = mmap(NULL, wsize, f->prot, MAP_SHARED, f->fd, woffset); if (window == MAP_FAILED) return -errno; @@ -305,6 +309,15 @@ static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_ } else delta = 0; + if (offset > (uint64_t) f->last_stat.st_size) + return -EADDRNOTAVAIL; + + if (offset + size > (uint64_t) f->last_stat.st_size) + size = PAGE_ALIGN((uint64_t) f->last_stat.st_size - offset); + + if (size <= 0) + return -EADDRNOTAVAIL; + r = journal_file_map(f, offset, size, &w->ptr, &w->offset, &w->size, diff --git a/src/journal/sd-journal.h b/src/journal/sd-journal.h index 9872e9c2..7f9f7859 100644 --- a/src/journal/sd-journal.h +++ b/src/journal/sd-journal.h @@ -36,8 +36,14 @@ * - extend hash tables table as we go * - accelerate looking for "all hostnames" and suchlike. * - cryptographic hash - * - never access beyond fle size check * - OR of matches is borked... + * - flush /run to /var + * - hookup with systemctl + * - local deserializer + * - think about manipulations of header + * - http server + * - handle incomplete header + * - message catalog */ /* Write to daemon */