pcrlock: Take VirtualSize > SizeOfRawData into account
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 7 Oct 2024 15:39:27 +0000 (17:39 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 21 Oct 2024 15:22:35 +0000 (17:22 +0200)
If VirtualSize > SizeOfRawData, measure extra zeros to take into
account the extra zeros also measured by the stub.

src/pcrlock/pehash.c

index 06d1f6afc7ed6267baec7bdcdac031ea00abd57f..7e9dade1f710167b49ae19533aa0ec588fb4b323 100644 (file)
@@ -216,10 +216,24 @@ int uki_hash(int fd,
                 if (EVP_DigestInit_ex(mdctx, md, NULL) != 1)
                         return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to allocate message digest.");
 
-                r = hash_file(fd, mdctx, section->PointerToRawData, section->VirtualSize);
+                r = hash_file(fd, mdctx, section->PointerToRawData, MIN(section->VirtualSize, section->SizeOfRawData));
                 if (r < 0)
                         return r;
 
+                if (section->SizeOfRawData < section->VirtualSize) {
+                        uint8_t zeroes[1024] = {};
+                        size_t remaining = section->VirtualSize - section->SizeOfRawData;
+
+                        while (remaining > 0) {
+                                size_t sz = MIN(sizeof(zeroes), remaining);
+
+                                if (EVP_DigestUpdate(mdctx, zeroes, sz) != 1)
+                                        return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Unable to hash data.");
+
+                                remaining -= sz;
+                        }
+                }
+
                 hashes[i] = malloc(hsz);
                 if (!hashes[i])
                         return log_oom_debug();
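Review bot: The new zero-padding loop hashes `section->VirtualSize - section->SizeOfRawData` bytes, and both values are read from the section header of the file being hashed; nothing in this hunk bounds the difference. Assuming the usual 32-bit PE header fields, a malformed or untrusted UKI could make each section cost up to roughly 4 GiB of digest work. uki_hash() starts and continues outside the hunk, so the section table may already be sanity-checked earlier; if it is not, reject sections whose VirtualSize is implausibly large before hashing. The block would also benefit from a comment recording why the padding is hashed, for example `/* The stub measures the section as loaded, i.e. zero-padded up to VirtualSize, so hash the padding too. */`.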