journal: validate timestamps as well

2012-08-19 15:15:59 +02:00 · 2012-08-19 15:15:59 +02:00 · fc89a13992
parent 84168d8068
commit fc89a13992
3 changed files with 23 additions and 3 deletions
--- a/src/journal/fsprg.c
+++ b/src/journal/fsprg.c
@ -160,7 +160,7 @@ static gcry_mpi_t twopowmodphi(uint64_t m, const gcry_mpi_t p) {
        gcry_mpi_sub_ui(phi, p, 1);

        /* count number of used bits in m */
-        for (n = 0; ((uint64_t)1 << n) <= m; n++)
+        for (n = 0; (1ULL << n) <= m; n++)
                ;

        r = gcry_mpi_new(0);
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@ -119,6 +119,21 @@ int journal_file_open_reliably(
 #define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
 #define VALID64(x) (((x) & 7ULL) == 0ULL)

+static inline bool VALID_REALTIME(uint64_t u) {
+        /* This considers timestamps until the year 3112 valid. That should be plenty room... */
+        return u > 0 && u < (1ULL << 55);
+}
+
+static inline bool VALID_MONOTONIC(uint64_t u) {
+        /* This considers timestamps until 1142 years of runtime valid. */
+        return u < (1ULL << 55);
+}
+
+static inline bool VALID_EPOCH(uint64_t u) {
+        /* This allows changing the key for 1142 years, every usec. */
+        return u < (1ULL << 55);
+}
+
 #define JOURNAL_HEADER_CONTAINS(h, field) \
        (le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))

--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@ -35,8 +35,8 @@

 /* FIXME:
 *
- * - write bit mucking test
 * - evolve key even if nothing happened in regular intervals
+ * - add macro for accessing flags
 *
 * - Allow building without libgcrypt
 * - check with sparse
@ -115,7 +115,8 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
                        return -EBADMSG;

                if (le64toh(o->entry.seqnum) <= 0 ||
-                    le64toh(o->entry.realtime) <= 0)
+                    !VALID_REALTIME(le64toh(o->entry.realtime)) ||
+                    !VALID_MONOTONIC(le64toh(o->entry.monotonic)))
                        return -EBADMSG;

                for (i = 0; i < journal_file_entry_n_items(o); i++) {
@ -169,6 +170,10 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
        case OBJECT_TAG:
                if (le64toh(o->object.size) != sizeof(TagObject))
                        return -EBADMSG;
+
+                if (!VALID_EPOCH(o->tag.epoch))
+                        return -EBADMSG;
+
                break;
        }