dissect: fix image policy check for bare dm-verity filesystem

The root_hash_sig pointer might be set, but to an empty iovec. Check
that the length is > 0 instead.

Follow-up for cd22d8562dd085f5c234cf26b4dd773029418833

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index de9475e6d3282423a10d760749448914c483f55e..be40c772608fefc9bde02ef4d42e111bc275291e 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -881,7 +881,7 @@ static int dissect_image(
                         encrypted = streq_ptr(fstype, "crypto_LUKS");
 
                         if (verity_settings_data_covers(verity, PARTITION_ROOT))
-                                found_flags = verity->root_hash_sig ? PARTITION_POLICY_SIGNED : PARTITION_POLICY_VERITY;
+                                found_flags = verity->root_hash_sig_size > 0 ? PARTITION_POLICY_SIGNED : PARTITION_POLICY_VERITY;
                         else
                                 found_flags = encrypted ? PARTITION_POLICY_ENCRYPTED : PARTITION_POLICY_UNPROTECTED;