rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   66154542ca041bfe248eba890fccfe1aef0bb405
  2.   SOURCES
  3.   0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch
Blob History Raw
661545 
From c394463688c332199a8fcabe6f84818b57c730b3 Mon Sep 17 00:00:00 2001
661545 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
661545 
Date: Tue, 2 Oct 2018 12:46:31 +0200
661545 
Subject: [PATCH] journal-upload: add asserts that snprintf does not return an
661545 
 error
661545
661545 
LGMT complains:
661545 
> The size argument of this snprintf call is derived from its return value,
661545 
> which may exceed the size of the buffer and overflow.
661545
661545 
Let's make sure that r is non-negative. (This shouldn't occur unless the format
661545 
string is borked, so let's just add an assert.)
661545 
Then, let's reorder the comparison to avoid the potential overflow.
661545
661545 
(cherry picked from commit 91db8ed5b2e67abf738381a6ed6a05a8271498cd)
661545
661545 
Resolves: #1694605
661545 
---
661545 
 src/journal-remote/journal-upload-journal.c | 12 ++++++++----
661545 
 1 file changed, 8 insertions(+), 4 deletions(-)
661545
661545 
diff --git a/src/journal-remote/journal-upload-journal.c b/src/journal-remote/journal-upload-journal.c
661545 
index 5fd639a76a..c244a76932 100644
661545 
--- a/src/journal-remote/journal-upload-journal.c
661545 
+++ b/src/journal-remote/journal-upload-journal.c
661545 
@@ -30,7 +30,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
661545
661545 
                         r = snprintf(buf + pos, size - pos,
661545 
                                      "__CURSOR=%s\n", u->current_cursor);
661545 
-                        if (pos + r > size)
661545 
+                        assert(r >= 0);
661545 
+                        if ((size_t) r > size - pos)
661545 
                                 /* not enough space */
661545 
                                 return pos;
661545
661545 
@@ -54,7 +55,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
661545
661545 
                         r = snprintf(buf + pos, size - pos,
661545 
                                      "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
661545 
-                        if (r + pos > size)
661545 
+                        assert(r >= 0);
661545 
+                        if ((size_t) r > size - pos)
661545 
                                 /* not enough space */
661545 
                                 return pos;
661545
661545 
@@ -79,7 +81,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
661545
661545 
                         r = snprintf(buf + pos, size - pos,
661545 
                                      "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
661545 
-                        if (r + pos > size)
661545 
+                        assert(r >= 0);
661545 
+                        if ((size_t) r > size - pos)
661545 
                                 /* not enough space */
661545 
                                 return pos;
661545
661545 
@@ -104,7 +107,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
661545
661545 
                         r = snprintf(buf + pos, size - pos,
661545 
                                      "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
661545 
-                        if (r + pos > size)
661545 
+                        assert(r >= 0);
661545 
+                        if ((size_t) r > size - pos)
661545 
                                 /* not enough space */
661545 
                                 return pos;
661545

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation