debuginfod: Don't trust x-debuginfod-size in debuginfod_validate_imasig

Double check file size the server sent against the file size we
actually got in debuginfod_validate_imasig. So we check the signature
over the whole file size as we received it. Otherwise we might be
creating a hash over a shorter (possibly zero sized) data. This makes
sure the server sents a signature that should match the full file (and
not just an arbitrary shorter prefix).

	* debuginfod/debuginfod-client.c (debuginfod_validate_imasig):
	Call fstat on fd and check x-debuginfod-size equals received
	file size.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 6340c8c27a4fdb4d969974213ea9b5079d65caa7..f2b82ac7a14d3f89414200800447d2b3976d3bd7 100644 (file)
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -1640,6 +1640,21 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
       goto exit_validate;
     }
 
+    /* Don't trust the size the server sent us, double check against the
+       file size that we actually got.  That way we calculate the hash
+       over the whole file and not a shorter (possibly empty) data size.  */
+    struct stat st;
+    if (fstat (fd, &st) == -1)
+    {
+      rc = -errno;
+      goto exit_validate;
+    }
+    if (data_len != st.st_size)
+    {
+      rc = -EBADMSG;
+      goto exit_validate;
+    }
+
     char file_data[DATA_SIZE]; // imaevm.h data chunk hash size 
     ssize_t n;
     for(off_t k = 0; k < data_len; k += n)