From 3510df0ae437deb59bbf1e29c2e5855a421693fa Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 25 Sep 2023 19:07:09 +0200
Subject: [PATCH] repart: add extra safety check that the verity signature fits
 in the partition we want to write

---
 src/partition/repart.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 2cc4881ada2..da7cbe1152c 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -4159,6 +4159,9 @@ static int partition_format_verity_sig(Context *context, Partition *p) {
         if (r < 0)
                 return log_error_errno(r, "Failed to format verity signature JSON object: %m");
 
+        if (strlen(text)+1 > p->new_size)
+                return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Verity signature too long for partition: %m");
+
         r = strgrowpad0(&text, p->new_size);
         if (r < 0)
                 return log_error_errno(r, "Failed to pad string to %s", FORMAT_BYTES(p->new_size));
-- 
2.47.3