logger: validate hdr_size field in logger entry
- check hdr_size to make sure it is in the expected range
from sizeof entry_v1 to entry (entry_v4).
- alter msg() method to report NULL on invalid hdr_size
- alter all users of msg() method.
Bug: 30947841
Change-Id: I9bc1740d7aa9f37df5be966c18de1fb9de63d5dd
diff --git a/liblog/logprint.c b/liblog/logprint.c
index 59bd479..e21a9c4 100644
--- a/liblog/logprint.c
+++ b/liblog/logprint.c
@@ -496,6 +496,11 @@
char *msg = buf->msg;
struct logger_entry_v2 *buf2 = (struct logger_entry_v2 *)buf;
if (buf2->hdr_size) {
+ if ((buf2->hdr_size < sizeof(((struct log_msg *)NULL)->entry_v1)) ||
+ (buf2->hdr_size > sizeof(((struct log_msg *)NULL)->entry))) {
+ fprintf(stderr, "+++ LOG: entry illegal hdr_size\n");
+ return -1;
+ }
msg = ((char *)buf2) + buf2->hdr_size;
if (buf2->hdr_size >= sizeof(struct logger_entry_v4)) {
entry->uid = ((struct logger_entry_v4 *)buf)->uid;
@@ -775,6 +780,11 @@
eventData = (const unsigned char*) buf->msg;
struct logger_entry_v2 *buf2 = (struct logger_entry_v2 *)buf;
if (buf2->hdr_size) {
+ if ((buf2->hdr_size < sizeof(((struct log_msg *)NULL)->entry_v1)) ||
+ (buf2->hdr_size > sizeof(((struct log_msg *)NULL)->entry))) {
+ fprintf(stderr, "+++ LOG: entry illegal hdr_size\n");
+ return -1;
+ }
eventData = ((unsigned char *)buf2) + buf2->hdr_size;
if ((buf2->hdr_size >= sizeof(struct logger_entry_v3)) &&
(((struct logger_entry_v3 *)buf)->lid == LOG_ID_SECURITY)) {