logger: add safety checks to avoid core dumps
authorDietmar Maurer <dietmar@proxmox.com>
Thu, 23 Apr 2015 05:33:16 +0000 (07:33 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Thu, 23 Apr 2015 05:33:16 +0000 (07:33 +0200)
data/src/logger.c

index bc7466bae0bb0100f85da9f72c9eb1c5c7277778..cfbbd7c36af1709b0c112a48d0a60355473f04a0 100644 (file)
@@ -133,6 +133,10 @@ clog_dump(clog_base_t *clog)
        uint32_t cpos = clog->cpos;
 
        while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
                clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
                clog_dump_entry(cur, cpos);
                cpos = cur->prev;
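Review bot: The new guard `cpos > (clog->size - sizeof(clog_entry_t))` is evaluated in unsigned arithmetic, so if `clog->size` is ever smaller than `sizeof(clog_entry_t)` the subtraction wraps to a very large value and the check never fires. The commit aims to survive a damaged log buffer and `clog->size` is read from that same buffer, so the subtraction itself should be guarded: `if (clog->size < sizeof(clog_entry_t) || cpos > clog->size - sizeof(clog_entry_t)) {`. The same expression is repeated in the clog_dump_json and clog_sort hunks; a small shared helper (the name is only a suggestion, e.g. `clog_entry_in_range(clog, cpos)`) would keep the three copies from drifting apart. Whether `clog->size` has already been validated against the real allocation length is not visible here, and clog_dump's body continues outside the hunk.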
@@ -163,7 +167,12 @@ clog_dump_json(
 
        guint count = 0;
        while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
                clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
+
                cpos = cur->prev;
 
                if (count >= max_entries)
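Review bot: The range check added before the cast only proves that a fixed-size `clog_entry_t` header starting at `cpos` lies inside `clog->size`; it says nothing about any payload that follows the header. `CLOG_MAX_ENTRY_SIZE` suggests entries can be larger than the header, so the code after this hunk that formats `cur` can presumably still read past the end of the buffer when a length field in a damaged entry is wrong. I would at least document the limit next to the check, `/* only the fixed header is bounds-checked; validate the entry's length fields against clog->size before reading its payload */`. The same applies to clog_dump (through `clog_dump_entry`) and to clog_sort. The blank line added after the cast is unrelated noise, and clog_dump_json's loop continues outside the hunk.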
@@ -353,6 +362,10 @@ clog_sort(clog_base_t *clog)
        uint32_t cpos = clog->cpos;
 
        while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
                clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
 
                g_tree_insert(tree, cur, cur);
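Review bot: Nothing in the visible part of clog_sort's loop bounds the number of iterations. The added guard rejects offsets beyond the buffer, but a `prev` value that stays in range and never advances (for instance one equal to the current `cpos`) would keep the walk going indefinitely. clog_dump_json has a `count >= max_entries` test whose effect lies outside its hunk, while clog_dump and clog_sort show no equivalent. Assuming the line after this hunk is `cpos = cur->prev;` as in the other two functions, a cap derived from the buffer size would close this, e.g. `if (++visited > clog->size / sizeof(clog_entry_t)) break;` with `visited` a local counter (the name is only a suggestion). The loop body continues outside the hunk.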