systemd/0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
Franck Bui 35fc3cae4d - Added patches to fix journal with FSS protection enabled (bsc#1000435)
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
   0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
   0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=952
2016-09-26 09:11:19 +00:00

55 lines
1.6 KiB
Diff

From 6dac79e09ec1b45f05b3e9a5f1f445859b6eefd2 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 13:33:01 +0200
Subject: [PATCH 1/1] journal: fix HMAC calculation when appending a data
object
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.
However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
[fbui: fixes bsc#1000435]
---
src/journal/journal-file.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index a9882cf..a24d97d 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1111,6 +1111,12 @@ static int journal_file_append_data(
if (r < 0)
return r;
+#ifdef HAVE_GCRYPT
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+ if (r < 0)
+ return r;
+#endif
+
/* The linking might have altered the window, so let's
* refresh our pointer */
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
@@ -1135,12 +1141,6 @@ static int journal_file_append_data(
fo->field.head_data_offset = le64toh(p);
}
-#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
- if (r < 0)
- return r;
-#endif
-
if (ret)
*ret = o;
--
2.10.0