diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-09-19 22:51:28 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-09-19 22:51:28 +0200 |
commit | 505b6a61c22d5565e9308045c7b9bf79f7d0517e (patch) | |
tree | db8479e90baf09f932389889fa8b4756707823f8 | |
parent | 7d5e9c0f60cddf01ec803012cbdc02d2f55b78c1 (diff) |
journald: don't accept arbitrarily sized journal data fields
https://bugzilla.redhat.com/show_bug.cgi?id=858746
-rw-r--r-- | src/journal/journald-native.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 4e44c3ada..85458b50c 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -27,13 +27,14 @@ #include "journald.h" #include "journald-native.h" #include "journald-kmsg.h" #include "journald-console.h" #include "journald-syslog.h" -#define ENTRY_SIZE_MAX (1024*1024*32) +#define ENTRY_SIZE_MAX (1024*1024*64) +#define DATA_SIZE_MAX (1024*1024*64) static bool valid_user_field(const char *p, size_t l) { const char *a; /* We kinda enforce POSIX syntax recommendations for environment variables here, but make a couple of additional @@ -202,13 +203,18 @@ void server_process_native_message( break; } memcpy(&l_le, e + 1, sizeof(uint64_t)); l = le64toh(l_le); - if (remaining < e - p + 1 + sizeof(uint64_t) + l + 1 || + if (l > DATA_SIZE_MAX) { + log_debug("Received binary data block too large, ignoring."); + break; + } + + if ((uint64_t) remaining < e - p + 1 + sizeof(uint64_t) + l + 1 || e[1+sizeof(uint64_t)+l] != '\n') { log_debug("Failed to parse message, ignoring."); break; } k = malloc((e - p) + 1 + l); |