diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-12-05 22:52:53 +0100 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2019-01-09 10:12:25 -0500 |
commit | e9d4d369ba6910f20f9a75b52067cc3bce3b756e (patch) | |
tree | d59524d72cd234d7efdae81543c907e31242fd5e | |
parent | journald: when processing a native message, bail more quickly on overbig mess... (diff) | |
download | systemd-e9d4d369ba6910f20f9a75b52067cc3bce3b756e.tar.gz systemd-e9d4d369ba6910f20f9a75b52067cc3bce3b756e.tar.bz2 systemd-e9d4d369ba6910f20f9a75b52067cc3bce3b756e.zip |
journald: lower the maximum entry size limit to ½ for non-sealed fds
We immediately read the whole contents into memory, making thigs much more
expensive. Sealed fds should be used instead since they are more efficient
on our side.
-rw-r--r-- | src/journal/journald-native.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 50aad6d13..221188db1 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -376,8 +376,10 @@ void server_process_native_file( if (st.st_size <= 0) return; - if (st.st_size > ENTRY_SIZE_MAX) { - log_error("File passed too large. Ignoring."); + /* When !sealed, set a lower memory limit. We have to read the file, + * effectively doubling memory use. */ + if (st.st_size > ENTRY_SIZE_MAX / (sealed ? 1 : 2)) { + log_error("File passed too large (%"PRIu64" bytes). Ignoring.", (uint64_t) st.st_size); return; } |