dissect-image: tighten assertion checks on verity data

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 20eade5a2a286ea50f3de6c8786ac98785d5af9d..8d5c7e08e353d87f64e8e29ae5c6c23c8de0ea83 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -638,7 +638,10 @@ int dissect_image(
 
         assert(fd >= 0);
         assert(ret);
+        assert(!verity || verity->designator < 0 || IN_SET(verity->designator, PARTITION_ROOT, PARTITION_USR));
         assert(!verity || verity->root_hash || verity->root_hash_size == 0);
+        assert(!verity || verity->root_hash_sig || verity->root_hash_sig_size == 0);
+        assert(!verity || (verity->root_hash || !verity->root_hash_sig));
         assert(!((flags & DISSECT_IMAGE_GPT_ONLY) && (flags & DISSECT_IMAGE_NO_PARTITION_TABLE)));
 
         /* Probes a disk image, and returns information about what it found in *ret.