Skip to content

Commit

Permalink
composefs: Ensure buffer is suitably aligned for struct fsverity_digest
Browse files Browse the repository at this point in the history
struct fsverity_digest starts with a __u16, so it will normally require
16-bit alignment, which is not guaranteed for a char array.

Resolves: #3339
Signed-off-by: Simon McVittie <smcv@debian.org>
  • Loading branch information
smcv committed Nov 14, 2024
1 parent 8705495 commit 39d3f1d
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions src/libostree/ostree-repo-composefs.c
Original file line number Diff line number Diff line change
Expand Up @@ -327,19 +327,22 @@ checkout_one_composefs_file_at (OstreeRepo *repo, OtTristate verity, const char
* This is the typical case when we're pulled into the target
* system repo with verity on and are recreating the composefs
* image during deploy. */
char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN];
union
{
struct fsverity_digest d;
char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN];
} result;
guchar *known_digest = NULL;

if (G_IS_UNIX_INPUT_STREAM (input))
{
int content_fd = g_unix_input_stream_get_fd (G_UNIX_INPUT_STREAM (input));
struct fsverity_digest *d = (struct fsverity_digest *)&buf;
d->digest_size = OSTREE_SHA256_DIGEST_LEN;
result.d->digest_size = OSTREE_SHA256_DIGEST_LEN;

if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, d) == 0
&& d->digest_size == OSTREE_SHA256_DIGEST_LEN
&& d->digest_algorithm == FS_VERITY_HASH_ALG_SHA256)
known_digest = d->digest;
if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, &result) == 0
&& result.d->digest_size == OSTREE_SHA256_DIGEST_LEN
&& result.d->digest_algorithm == FS_VERITY_HASH_ALG_SHA256)
known_digest = result.d->digest;
}
#endif

Expand Down

0 comments on commit 39d3f1d

Please sign in to comment.