diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-05-20 22:06:23 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-05-31 14:30:23 +0200 |
| commit | 324d6aa92629d4368b517f5c4d17a103c69098be (patch) | |
| tree | 1c371592c8e40ee9e5169447347eda0454839636 /src/shared/logs-show.c | |
| parent | basic/random-util: do not use getrandom() under msan (diff) | |
| download | systemd-324d6aa92629d4368b517f5c4d17a103c69098be.tar.xz systemd-324d6aa92629d4368b517f5c4d17a103c69098be.zip | |
shared/logs-show: fix mixup between length-based memory duplication and string operations
We'd look for a '=' separator using memchr, i.e. ignoring any nul bytes in the
string, but then do a strndup, which would terminate on any nul byte, and then
again do a memcmp, which would access memory past the chunk allocated by strndup.
Of course, we probably shouldn't allow keys with nul bytes in them. But we
currently do, so there might be journal files like that out there. So let's fix
the journal-reading code first.
Diffstat (limited to 'src/shared/logs-show.c')
| -rw-r--r-- | src/shared/logs-show.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index 50326fde5d..124fa838b3 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -839,7 +839,7 @@ static int output_json( if (!eq) continue; - n = strndup(data, eq - (const char*) data); + n = memdup_suffix0(data, eq - (const char*) data); if (!n) { r = log_oom(); goto finish; @@ -891,7 +891,7 @@ static int output_json( m = eq - (const char*) data; - n = strndup(data, m); + n = memdup_suffix0(data, m); if (!n) { r = log_oom(); goto finish; |