[gvfs/gnome-3-8] metadata: Be more resistive to broken journal files
- From: Tomas Bzatek <tbzatek src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gvfs/gnome-3-8] metadata: Be more resistive to broken journal files
- Date: Tue, 14 May 2013 16:15:00 +0000 (UTC)
commit 496efc06171967aff217670d07d0cb6c4ccc62bf
Author: Tomas Bzatek <tbzatek redhat com>
Date: Mon May 13 17:40:01 2013 +0200
metadata: Be more resistive to broken journal files
In shared NFS homedir case with multiple clients writing to the same
mmaped journal file data can get easily corrupted. The daemon iterates
over a journal file on flush taking in account variable entry size and
advances according to the data read.
However in certain case invalid data are read making us to jump out of
bounds. In case of zero entry size we would stand at the same place
leading to infinite loop.
This patch checks if the indicated entry size is at least the size of
the structure we're getting the size from (it's a first element) and breaks
the iteration cycle if it's not. This may lead to partial data loss on flush
as we don't process the rest of the journal file. Old data from existing
tree file will be preserved of course, only few recent changes would get lost.
https://bugzilla.gnome.org/show_bug.cgi?id=637095
(cherry picked from commit 21811b3ae17ec705327484c1ce0be75fec95bb0e)
metadata/metatree.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/metadata/metatree.c b/metadata/metatree.c
index 015300e..20b7862 100644
--- a/metadata/metatree.c
+++ b/metadata/metatree.c
@@ -1304,6 +1304,11 @@ meta_journal_iterate (MetaJournal *journal,
{
sizep = (guint32 *)entry;
entry = (MetaJournalEntry *)((char *)entry - GUINT32_FROM_BE (*(sizep-1)));
+ if (GUINT32_FROM_BE (*(sizep)) < sizeof (MetaJournalEntry) && entry > journal->first_entry)
+ {
+ g_warning ("meta_journal_iterate: found short sized entry, possible journal corruption\n");
+ break;
+ }
mtime = GUINT64_FROM_BE (entry->mtime);
journal_path = &entry->path[0];
@@ -2343,6 +2348,13 @@ apply_journal_to_builder (MetaTree *tree,
sizep = (guint32 *)entry;
entry = (MetaJournalEntry *)((char *)entry + GUINT32_FROM_BE (*(sizep)));
+ if (GUINT32_FROM_BE (*(sizep)) < sizeof (MetaJournalEntry) && entry < journal->last_entry)
+ {
+ /* This shouldn't happen, we found an entry that is shorter than its data */
+ /* See https://bugzilla.gnome.org/show_bug.cgi?id=637095 for discussion */
+ g_warning ("apply_journal_to_builder: found short sized entry, possible journal corruption\n");
+ break;
+ }
}
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]