dcavalca / rpms / systemd

Forked from rpms/systemd 3 months ago
Clone
a9339c
From 4f36220ccfe40621cd7df3595568278d7bca4f87 Mon Sep 17 00:00:00 2001
a9339c
From: Franck Bui <fbui@suse.com>
a9339c
Date: Fri, 23 Sep 2016 13:33:01 +0200
a9339c
Subject: [PATCH] journal: fix HMAC calculation when appending a data object
a9339c
a9339c
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
a9339c
calculation of the HMAC is broken because the hash for a data object
a9339c
including a field is done in the wrong order: the field object is
a9339c
hashed before the data object is.
a9339c
a9339c
However during verification, the hash is done in the opposite order as
a9339c
objects are scanned sequentially.
a9339c
a9339c
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
a9339c
---
a9339c
 src/journal/journal-file.c | 12 ++++++------
a9339c
 1 file changed, 6 insertions(+), 6 deletions(-)
a9339c
a9339c
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
a9339c
index 2bb3a9757..586f620e2 100644
a9339c
--- a/src/journal/journal-file.c
a9339c
+++ b/src/journal/journal-file.c
a9339c
@@ -1099,6 +1099,12 @@ static int journal_file_append_data(
a9339c
         if (r < 0)
a9339c
                 return r;
a9339c
 
a9339c
+#ifdef HAVE_GCRYPT
a9339c
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
a9339c
+        if (r < 0)
a9339c
+                return r;
a9339c
+#endif
a9339c
+
a9339c
         /* The linking might have altered the window, so let's
a9339c
          * refresh our pointer */
a9339c
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
a9339c
@@ -1123,12 +1129,6 @@ static int journal_file_append_data(
a9339c
                 fo->field.head_data_offset = le64toh(p);
a9339c
         }
a9339c
 
a9339c
-#ifdef HAVE_GCRYPT
a9339c
-        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
a9339c
-        if (r < 0)
a9339c
-                return r;
a9339c
-#endif
a9339c
-
a9339c
         if (ret)
a9339c
                 *ret = o;
a9339c