dryang / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
aed857
From 4f36220ccfe40621cd7df3595568278d7bca4f87 Mon Sep 17 00:00:00 2001
aed857
From: Franck Bui <fbui@suse.com>
aed857
Date: Fri, 23 Sep 2016 13:33:01 +0200
aed857
Subject: [PATCH] journal: fix HMAC calculation when appending a data object
aed857
aed857
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
aed857
calculation of the HMAC is broken because the hash for a data object
aed857
including a field is done in the wrong order: the field object is
aed857
hashed before the data object is.
aed857
aed857
However during verification, the hash is done in the opposite order as
aed857
objects are scanned sequentially.
aed857
aed857
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
aed857
---
aed857
 src/journal/journal-file.c | 12 ++++++------
aed857
 1 file changed, 6 insertions(+), 6 deletions(-)
aed857
aed857
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
aed857
index 2bb3a9757..586f620e2 100644
aed857
--- a/src/journal/journal-file.c
aed857
+++ b/src/journal/journal-file.c
aed857
@@ -1099,6 +1099,12 @@ static int journal_file_append_data(
aed857
         if (r < 0)
aed857
                 return r;
aed857
 
aed857
+#ifdef HAVE_GCRYPT
aed857
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
aed857
+        if (r < 0)
aed857
+                return r;
aed857
+#endif
aed857
+
aed857
         /* The linking might have altered the window, so let's
aed857
          * refresh our pointer */
aed857
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
aed857
@@ -1123,12 +1129,6 @@ static int journal_file_append_data(
aed857
                 fo->field.head_data_offset = le64toh(p);
aed857
         }
aed857
 
aed857
-#ifdef HAVE_GCRYPT
aed857
-        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
aed857
-        if (r < 0)
aed857
-                return r;
aed857
-#endif
aed857
-
aed857
         if (ret)
aed857
                 *ret = o;
aed857