shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Code

dissect-image: insist that if a verity partition designator is specified the partition exists

Browse Source 
Let's tighten our checks further.
This commit is contained in:
Lennart Poettering 2021-09-09 11:38:52 +02:00
parent 7b32164f3c
commit 1903defc2d
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/shared/dissect-image.c
View File

@ -1401,22 +1401,28 @@ int dissect_image(
return -EADDRNOTAVAIL;
}
if (verity && verity->root_hash) {
if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
return -EADDRNOTAVAIL;
if (verity) {
/* If a verity designator is specified, then insist that the matching partition exists */
if (verity->designator >= 0 && !m->partitions[verity->designator].found)
return -EADDRNOTAVAIL;
/* If we found a verity setup, then the root partition is necessarily read-only. */
m->partitions[PARTITION_ROOT].rw = false;
m->verity_ready = true;
}
if (verity->root_hash) {
if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
return -EADDRNOTAVAIL;
if (verity->designator == PARTITION_USR) {
if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
return -EADDRNOTAVAIL;
/* If we found a verity setup, then the root partition is necessarily read-only. */
m->partitions[PARTITION_ROOT].rw = false;
m->verity_ready = true;
}
m->partitions[PARTITION_USR].rw = false;
m->verity_ready = true;
if (verity->designator == PARTITION_USR) {
if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
return -EADDRNOTAVAIL;
m->partitions[PARTITION_USR].rw = false;
m->verity_ready = true;
}
}
}