verity: fix verity.roothashsig only working as last parameter

Parsing of verity.roothashsig did not take into consideration that other options
might follow, and used the whole string as a file path. But mnt_optstr_get_option
just returns a pointer into the mount option string, it doesn't extract the value,
so the string it points to also contains any subsequent options. The length
parameter has to be used.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Luca Boccassi 2021-07-11 18:14:40 +01:00 committed by Karel Zak
parent d501259161
commit db4d80fcef
1 changed files with 8 additions and 3 deletions


@ -78,7 +78,8 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
const char *backing_file, *optstr;
char *val = NULL, *key = NULL, *root_hash_binary = NULL, *mapper_device = NULL,
*mapper_device_full = NULL, *backing_file_basename = NULL, *root_hash = NULL,
*hash_device = NULL, *root_hash_file = NULL, *fec_device = NULL, *hash_sig = NULL;
*hash_device = NULL, *root_hash_file = NULL, *fec_device = NULL, *hash_sig = NULL,
*root_hash_sig_file = NULL;
size_t len, hash_size, hash_sig_size = 0, keysize = 0;
struct crypt_params_verity crypt_params = {};
struct crypt_device *crypt_dev = NULL;
@ -218,7 +219,10 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
*/
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ROOT_HASH_SIG) &&
mnt_optstr_get_option(optstr, "verity.roothashsig", &val, &len) == 0 && val) {
rc = ul_path_stat(NULL, &hash_sig_st, val);
root_hash_sig_file = strndup(val, len);
rc = root_hash_sig_file ? 0 : -ENOMEM;
if (rc == 0)
rc = ul_path_stat(NULL, &hash_sig_st, root_hash_sig_file);
if (rc == 0)
rc = !S_ISREG(hash_sig_st.st_mode) || !hash_sig_st.st_size ? -EINVAL : 0;
if (rc == 0) {
@ -227,7 +231,7 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
rc = hash_sig ? 0 : -ENOMEM;
}
if (rc == 0) {
rc = ul_path_read(NULL, hash_sig, hash_sig_size, val);
rc = ul_path_read(NULL, hash_sig, hash_sig_size, root_hash_sig_file);
rc = rc < (int)hash_sig_size ? -1 : 0;
}
}
@ -411,6 +415,7 @@ done:
free(hash_device);
free(root_hash);
free(root_hash_file);
free(root_hash_sig_file);
free(fec_device);
free(hash_sig);
free(key);
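Review bot: The size check that follows the new `ul_path_stat()` call rejects only non-regular and empty files, so the signature file's size has no upper bound before it reaches the `(int)hash_sig_size` cast in the short-read test a few lines below. Assuming `hash_sig_size` is taken from `hash_sig_st.st_size` (the assignment sits between the visible hunks), a file larger than `INT_MAX` would typically make that cast negative, and `rc < (int)hash_sig_size` then no longer triggers, so a read error or a partly filled buffer would be passed on as the signature. Bounding the size in the existing check closes that: `rc = !S_ISREG(hash_sig_st.st_mode) || !hash_sig_st.st_size || hash_sig_st.st_size > INT_MAX ? -EINVAL : 0;`. `mnt_context_setup_veritydev()` starts and ends outside these hunks, so whether `<limits.h>` is already included could not be checked from here.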