From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 23 Apr 2015 05:33:16 +0000 (+0200)
Subject: logger: add safety checks to avoid core dumps
X-Git-Url: https://git.proxmox.com/?p=pve-cluster.git;a=commitdiff_plain;h=9483da1abd3d8d33cbc6786966628dfa3adefb99

logger: add safety checks to avoid core dumps
---

diff --git a/data/src/logger.c b/data/src/logger.c
index bc7466b..cfbbd7c 100644
--- a/data/src/logger.c
+++ b/data/src/logger.c
@@ -133,6 +133,10 @@ clog_dump(clog_base_t *clog)
 	uint32_t cpos = clog->cpos;
 
 	while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
 		clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
 		clog_dump_entry(cur, cpos);
 		cpos = cur->prev;
@@ -163,7 +167,12 @@ clog_dump_json(
 
 	guint count = 0;
 	while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
 		clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
+
 		cpos = cur->prev;
 
 		if (count >= max_entries)
@@ -353,6 +362,10 @@ clog_sort(clog_base_t *clog)
 	uint32_t cpos = clog->cpos;
 
 	while (cpos && (cpos <= clog->cpos || cpos > (clog->cpos + CLOG_MAX_ENTRY_SIZE))) {
+                if (cpos > (clog->size - sizeof(clog_entry_t))) {
+                        cfs_critical("log pointer out of range!");
+                        break;
+                }
 		clog_entry_t *cur = (clog_entry_t *)((char *)clog + cpos);
 
 		g_tree_insert(tree, cur, cur);