From e1ede1530ff21d3b8920c0cbbebb42ccff4fa22d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 18 Oct 2011 15:23:33 -0700
Subject: liblog: do better checks of log messages.

Testing:

The following test cases all passed and generated log entries:

 # echo -n '\03foo\0bar\0' > /dev/log/main
 # echo -n '\03\0bar\0' > /dev/log/main
 # echo -n '\03\0a\0' > /dev/log/main

The following entries were successfully processed by
logcat but produced no log entries:

 # echo -n '\03\0\0' > /dev/log/main
 # echo -n '\03a\0\0' > /dev/log/main
 # echo -n '\03b\0\0' > /dev/log/main

Also tested the pathological error condition:

 cat /dev/urandom > /dev/log/main

which produced many "+++ LOG: malformed log entry" errors.

Bug: 5478600
Change-Id: I53bc79507242dcfc14445746c29edf47be0a90b4
---
 liblog/logprint.c | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/liblog/logprint.c b/liblog/logprint.c
index f2dd79f..daada5a 100644
--- a/liblog/logprint.c
+++ b/liblog/logprint.c
@@ -352,7 +352,6 @@ int android_log_processLogBuffer(struct logger_entry *buf,
 {
     entry->tv_sec = buf->sec;
     entry->tv_nsec = buf->nsec;
-    entry->priority = buf->msg[0];
     entry->pid = buf->pid;
     entry->tid = buf->tid;
 
@@ -360,26 +359,32 @@ int android_log_processLogBuffer(struct logger_entry *buf,
      * format: <priority:1><tag:N>\0<message:N>\0
      *
      * tag str
-     *   starts at msg+1
+     *   starts at buf->msg+1
      * msg
-     *   starts at msg+1+len(tag)+1
+     *   starts at buf->msg+1+len(tag)+1
      */
-    entry->tag = buf->msg + 1;
-    const size_t tag_len = strlen(entry->tag);
-    const size_t preambleAndNullLen = tag_len + 3;
-    if (buf->len <= preambleAndNullLen) {
-        fprintf(stderr, "+++ LOG: entry corrupt or truncated\n");
+    if (buf->len < 3) {
+        // An well-formed entry must consist of at least a priority
+        // and two null characters
+        fprintf(stderr, "+++ LOG: entry too small\n");
         return -1;
     }
-    entry->messageLen = buf->len - preambleAndNullLen;
-    entry->message = entry->tag + tag_len + 1;
 
-    if (entry->messageLen != strlen(entry->message)) {
-        fprintf(stderr,
-                "+++ LOG: Message length inconsistent. Expected %d, got %d\n",
-                entry->messageLen, strlen(entry->message));
+    int nullsFound = 0;
+    int i;
+    for (i = 1; i < buf->len; i++) {
+        if (buf->msg[i] == '\0') {
+            nullsFound++;
+        }
+    }
+    if (nullsFound != 2) {
+        fprintf(stderr, "+++ LOG: malformed log entry\n");
         return -1;
     }
+    entry->priority = buf->msg[0];
+    entry->tag = buf->msg + 1;
+    entry->message = entry->tag + strlen(entry->tag) + 1;
+    entry->messageLen = strlen(entry->message);
 
     return 0;
 }
-- 
cgit v1.1