From e514dadd1c3f8244d8dd7a420a4f89c2dd26e4de Mon Sep 17 00:00:00 2001
From: Paul Meyer <katexochen0@gmail.com>
Date: Wed, 17 Jun 2026 18:03:55 +0200
Subject: [PATCH] pcrextend: refuse empty measurement over Varlink

vl_method_extend() accepted an empty text/data value and measured an
empty word, bypassing the empty-word refusal the CLI path already
enforces. Measured words are joined with ":" in the record, so an empty
word is ambiguous. Reject it.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
---
 src/pcrextend/pcrextend.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c
index cf70daaa927..067cc92ff39 100644
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -463,6 +463,9 @@ static int vl_method_extend(sd_varlink *link, sd_json_variant *parameters, sd_va
         else
                 return sd_varlink_error_invalid_parameter_name(link, "text");
 
+        if (!iovec_is_set(extend_iovec))
+                return sd_varlink_error_invalid_parameter_name(link, p.text ? "text" : "data");
+
         if (p.nvpcr) {
                 r = extend_nvpcr_now(p.nvpcr, extend_iovec->iov_base, extend_iovec->iov_len, p.event_type);
                 if (IN_SET(r, -ENOENT, -ENODEV))
-- 
2.47.3