ff2b41
From c394463688c332199a8fcabe6f84818b57c730b3 Mon Sep 17 00:00:00 2001
ff2b41
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
ff2b41
Date: Tue, 2 Oct 2018 12:46:31 +0200
ff2b41
Subject: [PATCH] journal-upload: add asserts that snprintf does not return an
ff2b41
 error
ff2b41
ff2b41
LGTM complains:
ff2b41
> The size argument of this snprintf call is derived from its return value,
ff2b41
> which may exceed the size of the buffer and overflow.
ff2b41
ff2b41
Let's make sure that r is non-negative. (This shouldn't occur unless the format
ff2b41
string is borked, so let's just add an assert.)
ff2b41
Then, let's reorder the comparison to avoid the potential overflow.
ff2b41
ff2b41
(cherry picked from commit 91db8ed5b2e67abf738381a6ed6a05a8271498cd)
ff2b41
ff2b41
Resolves: #1694605
ff2b41
---
ff2b41
 src/journal-remote/journal-upload-journal.c | 12 ++++++++----
ff2b41
 1 file changed, 8 insertions(+), 4 deletions(-)
ff2b41
ff2b41
diff --git a/src/journal-remote/journal-upload-journal.c b/src/journal-remote/journal-upload-journal.c
ff2b41
index 5fd639a76a..c244a76932 100644
ff2b41
--- a/src/journal-remote/journal-upload-journal.c
ff2b41
+++ b/src/journal-remote/journal-upload-journal.c
ff2b41
@@ -30,7 +30,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
ff2b41
 
ff2b41
                         r = snprintf(buf + pos, size - pos,
ff2b41
                                      "__CURSOR=%s\n", u->current_cursor);
ff2b41
-                        if (pos + r > size)
ff2b41
+                        assert(r >= 0);
ff2b41
+                        if ((size_t) r > size - pos)
ff2b41
                                 /* not enough space */
ff2b41
                                 return pos;
ff2b41
 
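Review bot: The reordered test `(size_t) r > size - pos` still lets `r == size - pos` through, and that is a truncated write. snprintf returns the length it wanted to emit without the terminating NUL, so in that case the trailing `\n` has been replaced by the NUL byte. If the code after this hunk advances `pos` by `r` (not visible here), the uploaded entry would carry a NUL where the newline belongs; `if ((size_t) r >= size - pos)` would treat that boundary as "not enough space" too. The same comparison appears in the hunks at -54, -79 and -104. Both the snprintf size argument and this check rely on `pos <= size` being established outside the hunk, and a short comment such as `/* a negative r casts to a huge size_t and takes the same return path if assert() is compiled out */` would record why the cast is safe.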
ff2b41
@@ -54,7 +55,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
ff2b41
 
ff2b41
                         r = snprintf(buf + pos, size - pos,
ff2b41
                                      "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
ff2b41
-                        if (r + pos > size)
ff2b41
+                        assert(r >= 0);
ff2b41
+                        if ((size_t) r > size - pos)
ff2b41
                                 /* not enough space */
ff2b41
                                 return pos;
ff2b41
 
ff2b41
@@ -79,7 +81,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
ff2b41
 
ff2b41
                         r = snprintf(buf + pos, size - pos,
ff2b41
                                      "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
ff2b41
-                        if (r + pos > size)
ff2b41
+                        assert(r >= 0);
ff2b41
+                        if ((size_t) r > size - pos)
ff2b41
                                 /* not enough space */
ff2b41
                                 return pos;
ff2b41
 
ff2b41
@@ -104,7 +107,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
ff2b41
 
ff2b41
                         r = snprintf(buf + pos, size - pos,
ff2b41
                                      "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
ff2b41
-                        if (r + pos > size)
ff2b41
+                        assert(r >= 0);
ff2b41
+                        if ((size_t) r > size - pos)
ff2b41
                                 /* not enough space */
ff2b41
                                 return pos;
ff2b41