From a0bff7ea4c4b066b2498de893e3ebeda4638a0ce Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 8 Sep 2021 17:28:37 +0200 Subject: [PATCH] dissect-image: tighten assertion checks on verity data --- src/shared/dissect-image.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 20eade5a2a..8d5c7e08e3 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -638,7 +638,10 @@ int dissect_image( assert(fd >= 0); assert(ret); + assert(!verity || verity->designator < 0 || IN_SET(verity->designator, PARTITION_ROOT, PARTITION_USR)); assert(!verity || verity->root_hash || verity->root_hash_size == 0); + assert(!verity || verity->root_hash_sig || verity->root_hash_sig_size == 0); + assert(!verity || (verity->root_hash || !verity->root_hash_sig)); assert(!((flags & DISSECT_IMAGE_GPT_ONLY) && (flags & DISSECT_IMAGE_NO_PARTITION_TABLE))); /* Probes a disk image, and returns information about what it found in *ret. -- 2.25.1