From db4d80fcefae8ca8c67f3a64efe4562b23bd5a37 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Sun, 11 Jul 2021 18:14:40 +0100
Subject: [PATCH] verity: fix verity.roothashsig only working as last parameter

Parsing of verity.roothashsig did not take into consideration that other options might follow, and used the whole string as a file path. But mnt_optstr_get_option just returns a pointer in the mount option string, it doesn't extract it, so it would have other subsequent options too. The length parameter has to be used.

Signed-off-by: Luca Boccassi
---
 libmount/src/context_veritydev.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/libmount/src/context_veritydev.c b/libmount/src/context_veritydev.c
index 2878d9489..fd6f1fa89 100644
--- a/libmount/src/context_veritydev.c
+++ b/libmount/src/context_veritydev.c
@@ -78,7 +78,8 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
 const char *backing_file, *optstr;
 char *val = NULL, *key = NULL, *root_hash_binary = NULL, *mapper_device = NULL,
 *mapper_device_full = NULL, *backing_file_basename = NULL, *root_hash = NULL,
- *hash_device = NULL, *root_hash_file = NULL, *fec_device = NULL, *hash_sig = NULL;
+ *hash_device = NULL, *root_hash_file = NULL, *fec_device = NULL, *hash_sig = NULL,
+ *root_hash_sig_file = NULL;
 size_t len, hash_size, hash_sig_size = 0, keysize = 0;
 struct crypt_params_verity crypt_params = {};
 struct crypt_device *crypt_dev = NULL;
@@ -218,7 +219,10 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
 */
 if (rc == 0 && (cxt->user_mountflags & MNT_MS_ROOT_HASH_SIG) &&
 mnt_optstr_get_option(optstr, "verity.roothashsig", &val, &len) == 0 && val) {
- rc = ul_path_stat(NULL, &hash_sig_st, val);
+ root_hash_sig_file = strndup(val, len);
+ rc = root_hash_sig_file ? 0 : -ENOMEM;
+ if (rc == 0)
+ rc = ul_path_stat(NULL, &hash_sig_st, root_hash_sig_file);
 if (rc == 0)
 rc = !S_ISREG(hash_sig_st.st_mode) || !hash_sig_st.st_size ? -EINVAL : 0;
 if (rc == 0) {
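Review bot: In the `@@ -218,7 +219,10 @@` hunk the check that follows the stat, `!S_ISREG(hash_sig_st.st_mode) || !hash_sig_st.st_size`, rejects a non-regular or empty signature file but sets no upper bound on its size. The next hunk compares the read count against `(int)hash_sig_size`, so a size above INT_MAX (assuming hash_sig_size is taken from st_size in the lines between the two hunks) would make that short-read test unreliable. A bound in the same expression would close this, e.g. `|| hash_sig_st.st_size > VERITY_SIG_MAX`, where VERITY_SIG_MAX is a placeholder name for a limit the project chooses. A one-line comment above the strndup, `/* val points into optstr and is not NUL-terminated; copy only len bytes */`, would also keep the reason for the copy next to the code. The function body starts and ends outside the hunk.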
@@ -227,7 +231,7 @@ int mnt_context_setup_veritydev(struct libmnt_context *cxt)
 rc = hash_sig ? 0 : -ENOMEM;
 }
 if (rc == 0) {
- rc = ul_path_read(NULL, hash_sig, hash_sig_size, val);
+ rc = ul_path_read(NULL, hash_sig, hash_sig_size, root_hash_sig_file);
 rc = rc < (int)hash_sig_size ? -1 : 0;
 }
 }
@@ -411,6 +415,7 @@ done:
 free(hash_device);
 free(root_hash);
 free(root_hash_file);
+ free(root_hash_sig_file);
 free(fec_device);
 free(hash_sig);
 free(key);
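Review bot: In the `@@ -227,7 +231,7 @@` hunk, `rc = rc < (int)hash_sig_size ? -1 : 0;` replaces whatever ul_path_read returned with a bare -1, while the neighbouring checks return -ENOMEM and -EINVAL. If callers read rc as a negative errno, a short or failed read of the signature file would be reported as -EPERM. Keeping ul_path_read's negative result and comparing in size_t would avoid both the lost code and the signed cast: `rc = rc < 0 ? rc : ((size_t)rc < hash_sig_size ? -EINVAL : 0);`. The statement is unchanged context directly below the line this commit edits, and the enclosing function continues outside the hunk.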