dissect-image: insist that if a verity partition designator is specified the partitio...

author Lennart Poettering <lennart@poettering.net>

Thu, 9 Sep 2021 09:38:52 +0000 (11:38 +0200)

committer Lennart Poettering <lennart@poettering.net>

Fri, 10 Sep 2021 12:15:55 +0000 (14:15 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 9 Sep 2021 09:38:52 +0000 (11:38 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 10 Sep 2021 12:15:55 +0000 (14:15 +0200)
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c

index 9547dad808f7dd849bd7d59020226393a006d982..a540f866896a83ee5c0e677656032e1574ad5bc7 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1401,22 +1401,28 @@ int dissect_image(
                          return -EADDRNOTAVAIL;
          }
  
-        if (verity && verity->root_hash) {
-                if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
-                        if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
-                                return -EADDRNOTAVAIL;
+        if (verity) {
+                /* If a verity designator is specified, then insist that the matching partition exists */
+                if (verity->designator >= 0 && !m->partitions[verity->designator].found)
+                        return -EADDRNOTAVAIL;
  
-                        /* If we found a verity setup, then the root partition is necessarily read-only. */
-                        m->partitions[PARTITION_ROOT].rw = false;
-                        m->verity_ready = true;
-                }
+                if (verity->root_hash) {
+                        if (verity->designator < 0 || verity->designator == PARTITION_ROOT) {
+                                if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
+                                        return -EADDRNOTAVAIL;
  
-                if (verity->designator == PARTITION_USR) {
-                        if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
-                                return -EADDRNOTAVAIL;
+                                /* If we found a verity setup, then the root partition is necessarily read-only. */
+                                m->partitions[PARTITION_ROOT].rw = false;
+                                m->verity_ready = true;
+                        }
+
+                        if (verity->designator == PARTITION_USR) {
+                                if (!m->partitions[PARTITION_USR_VERITY].found || !m->partitions[PARTITION_USR].found)
+                                        return -EADDRNOTAVAIL;
  
-                        m->partitions[PARTITION_USR].rw = false;
-                        m->verity_ready = true;
+                                m->partitions[PARTITION_USR].rw = false;
+                                m->verity_ready = true;
+                        }
                  }
          }
author	Lennart Poettering <lennart@poettering.net>
	Thu, 9 Sep 2021 09:38:52 +0000 (11:38 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 10 Sep 2021 12:15:55 +0000 (14:15 +0200)