richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
923a60
From 4f36220ccfe40621cd7df3595568278d7bca4f87 Mon Sep 17 00:00:00 2001
923a60
From: Franck Bui <fbui@suse.com>
923a60
Date: Fri, 23 Sep 2016 13:33:01 +0200
923a60
Subject: [PATCH] journal: fix HMAC calculation when appending a data object
923a60
923a60
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
923a60
calculation of the HMAC is broken because the hash for a data object
923a60
including a field is done in the wrong order: the field object is
923a60
hashed before the data object is.
923a60
923a60
However during verification, the hash is done in the opposite order as
923a60
objects are scanned sequentially.
923a60
923a60
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
923a60
---
923a60
 src/journal/journal-file.c | 12 ++++++------
923a60
 1 file changed, 6 insertions(+), 6 deletions(-)
923a60
923a60
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
923a60
index 2bb3a97574..586f620e21 100644
923a60
--- a/src/journal/journal-file.c
923a60
+++ b/src/journal/journal-file.c
923a60
@@ -1099,6 +1099,12 @@ static int journal_file_append_data(
923a60
         if (r < 0)
923a60
                 return r;
923a60
 
923a60
+#ifdef HAVE_GCRYPT
923a60
+        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
923a60
+        if (r < 0)
923a60
+                return r;
923a60
+#endif
923a60
+
923a60
         /* The linking might have altered the window, so let's
923a60
          * refresh our pointer */
923a60
         r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
923a60
@@ -1123,12 +1129,6 @@ static int journal_file_append_data(
923a60
                 fo->field.head_data_offset = le64toh(p);
923a60
         }
923a60
 
923a60
-#ifdef HAVE_GCRYPT
923a60
-        r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
923a60
-        if (r < 0)
923a60
-                return r;
923a60
-#endif
923a60
-
923a60
         if (ret)
923a60
                 *ret = o;
923a60