From 8e4795842317663aabac3cda1ec6e7f7844e31c6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 25 Sep 2023 19:06:06 +0200
Subject: [PATCH 1/2] string-util: make strgrowpad0() a bit safer

Let#s make sure we never shorten the allocation leaving an invalid string (i.e. a memory allocation without a trailing NUL) around.
---
 src/basic/string-util.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/basic/string-util.c b/src/basic/string-util.c
index 854cf963ac..7329bfacdf 100644
--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@@ -627,14 +627,23 @@ char* strshorten(char *s, size_t l) {
 }
 
 int strgrowpad0(char **s, size_t l) {
+        size_t sz;
+
         assert(s);
 
+        if (*s) {
+                sz = strlen(*s) + 1;
+                if (sz >= l) /* never shrink */
+                        return 0;
+        } else
+                sz = 0;
+
         char *q = realloc(*s, l);
         if (!q)
                 return -ENOMEM;
+
         *s = q;
 
-        size_t sz = strlen(*s);
         memzero(*s + sz, l - sz);
         return 0;
 }

From 3510df0ae437deb59bbf1e29c2e5855a421693fa Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 25 Sep 2023 19:07:09 +0200
Subject: [PATCH 2/2] repart: add extra safety check that the verity signature fits in the partition we want to write

---
 src/partition/repart.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 2cc4881ada..da7cbe1152 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -4159,6 +4159,9 @@ static int partition_format_verity_sig(Context *context, Partition *p) {
         if (r < 0)
                 return log_error_errno(r, "Failed to format verity signature JSON object: %m");
 
+        if (strlen(text)+1 > p->new_size)
+                return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Verity signature too long for partition: %m");
+
         r = strgrowpad0(&text, p->new_size);
         if (r < 0)
                 return log_error_errno(r, "Failed to pad string to %s", FORMAT_BYTES(p->new_size));
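Review bot: The "never shrink" guard only covers the case where `*s` is already allocated; when `*s` is NULL and `l` is 0 the code still falls through to `realloc(NULL, 0)` and, where that returns a non-NULL pointer, leaves `*s` pointing at a zero-byte allocation with no terminating NUL, which is exactly the invalid state the commit message sets out to rule out. An `assert(l > 0);` next to `assert(s);` (or an explicit early return for `l == 0`) would close that gap. It is also worth documenting on the function that a buffer already at least `l` bytes long is left untouched and the call still returns 0, so a caller that needs the allocation to be exactly `l` bytes (as repart does before writing a partition) has to check the length itself; a one-line comment such as `/* Grows *s to l bytes, NUL-padding the tail; never shrinks and never fails if the buffer is already large enough. */` above the definition would make that contract explicit. The hunk shows the whole function, but the surrounding file is not visible here.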
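Review bot: The `%m` in the new E2BIG message resolves, as far as I can tell, only to the generic strerror text for E2BIG and tells the operator nothing about how far off the signature was, while the very next line already shows how to print the partition size; `return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Verity signature (%zu bytes) does not fit in partition of %s.", strlen(text) + 1, FORMAT_BYTES(p->new_size));` would make the failure actionable. While touching that line, `strlen(text)+1` should be spaced as `strlen(text) + 1`, matching how the first patch in this series writes the same expression. The check itself is the right complement to strgrowpad0(), which silently returns 0 when the buffer is already at least `new_size` bytes rather than reporting an oversize string. partition_format_verity_sig() starts and ends outside the hunk.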