shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Code

dissect-image: insist that if a verity partition designator is specified the partition exists

Browse Source 
Let's tighten our checks further.
This commit is contained in:
Lennart Poettering 2021-09-09 11:38:52 +02:00
parent 7b32164f3c
commit 1903defc2d
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/shared/dissect-image.c
View File

@ -1401,22 +1401,28 @@ int dissect_image(
return -EADDRNOTAVAIL; return -EADDRNOTAVAIL;
} }
if (verity && verity->root_hash) { if (verity) {
if (verity->designator < 0 || verity->designator == PARTITION_ROOT) { /* If a verity designator is specified, then insist that the matching partition exists */
if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found) if (verity->designator >= 0 && !m->partitions[verity->designator].found)
return -EADDRNOTAVAIL; return -EADDRNOTAVAIL;
/* If we found a verity setup, then the root partition is necessarily read-only. */ if (verity->root_hash) {
m->partitions[PARTITION_ROOT].rw = false; if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
m->verity_ready = true; if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
} return -EADDRNOTAVAIL;
if (verity->designator == PARTITION_USR) { /* If we found a verity setup, then the root partition is necessarily read-only. */
if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found) m->partitions[PARTITION_ROOT].rw = false;
return -EADDRNOTAVAIL; m->verity_ready = true;
}
m->partitions[PARTITION_USR].rw = false; if (verity->designator == PARTITION_USR) {
m->verity_ready = true; if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
return -EADDRNOTAVAIL;
m->partitions[PARTITION_USR].rw = false;
m->verity_ready = true;
}
} }
} }