Merge pull request #30104 from poettering/pcrlock-empty-object-fix

pcrlock: fix for parsing corrupted userspace event log
2026-04-14 08:25:20 +09:00 · 2023-11-20 15:43:25 +00:00
parent ad470cc155 42c1df5e2d
commit cd92a5a7d2
2 changed files with 19 additions and 1 deletions
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -1120,7 +1120,16 @@ static int event_log_load_userspace(EventLog *el) {
                        continue;
                }

-                b[bn] = 0;
+                if (!GREEDY_REALLOC(b, bn + 1))
+                        return log_oom();
+
+                b[bn] = 0; /* Turn it into a string */
+
+                if (memchr(b, 0, bn)) {
+                        log_warning("Found record with embedded NUL byte, skipping.");
+                        continue;
+                }
+
                r = json_parse(b, 0, &j, NULL, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to parse local TPM measurement log file: %m");
--- a/test/units/testsuite-70.pcrlock.sh
+++ b/test/units/testsuite-70.pcrlock.sh
@@ -41,6 +41,15 @@ PCRS="1+2+3+4+5+16"
 # (as the PCR values simply won't match the log).
 rm -f /run/log/systemd/tpm2-measure.log

+# Ensure a truncated log doesn't crash pcrlock
+echo -n -e \\x1e >/tmp/borked
+set +e
+SYSTEMD_MEASURE_LOG_USERSPACE=/tmp/borked "$SD_PCRLOCK" cel --no-pager --json=pretty
+ret=$?
+set -e
+# If it crashes the exit code will be 149
+test $ret -eq 1
+
 SYSTEMD_COLORS=256 "$SD_PCRLOCK"
 "$SD_PCRLOCK" cel --no-pager --json=pretty
 "$SD_PCRLOCK" log --pcr="$PCRS"