repart: add extra safety check that the verity signature fits in the partition we...

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 2cc4881ada24cf39d492f346d67e458d813d6adf..da7cbe1152cf322bbd24781a2de22bde7598cc7d 100644 (file)
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -4159,6 +4159,9 @@ static int partition_format_verity_sig(Context *context, Partition *p) {
         if (r < 0)
                 return log_error_errno(r, "Failed to format verity signature JSON object: %m");
 
+        if (strlen(text)+1 > p->new_size)
+                return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Verity signature too long for partition: %m");
+
         r = strgrowpad0(&text, p->new_size);
         if (r < 0)
                 return log_error_errno(r, "Failed to pad string to %s", FORMAT_BYTES(p->new_size));