vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

image: Use size of image data when writing images

Browse source 
When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.

When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-08-13 13:49:40 +08:00
parent 8a55df5e96
commit 5466f381dd
4 changed files with 26 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
image.c
View file

@ -251,7 +251,7 @@ static void set_region_from_range(struct region *region, void *start, void *end)
static int image_find_regions(struct image *image) static int image_find_regions(struct image *image)
{ {
struct region *regions; struct region *regions, *r;
void *buf = image->buf; void *buf = image->buf;
int i, gap_warn; int i, gap_warn;
size_t bytes; size_t bytes;
@ -360,9 +360,12 @@ static int image_find_regions(struct image *image)
fprintf(stderr, "warning: data remaining[%zd vs %zd]: gaps " fprintf(stderr, "warning: data remaining[%zd vs %zd]: gaps "
"between PE/COFF sections?\n", "between PE/COFF sections?\n",
bytes + image->cert_table_size, image->size); bytes + image->cert_table_size, image->size);
} }
/* record the size of non-signature data */
r = &image->checksum_regions[image->n_checksum_regions - 1];
image->data_size = (r->data - (void *)image->buf) + r->size;
return 0; return 0;
} }
@ -482,7 +485,7 @@ int image_write(struct image *image, const char *filename)
return -1; return -1;
} }
rc = write_all(fd, image->buf, image->size); rc = write_all(fd, image->buf, image->data_size);
if (!rc) if (!rc)
goto out; goto out;
if (!is_signed) if (!is_signed)

3
image.h
View file

@ -50,6 +50,9 @@ struct image {
uint8_t *buf; uint8_t *buf;
size_t size; size_t size;
/* size of the image, without signature */
size_t data_size;
/* Pointers to interesting parts of the image */ /* Pointers to interesting parts of the image */
uint32_t *checksum; uint32_t *checksum;
struct external_PEI_DOS_hdr *doshdr; struct external_PEI_DOS_hdr *doshdr;

3
tests/Makefile.am
View file

@ -54,7 +54,8 @@ TESTS = sign-verify.sh \
sign-invalidattach-verify.sh \ sign-invalidattach-verify.sh \
cert-table-header.sh \ cert-table-header.sh \
resign-warning.sh \ resign-warning.sh \
reattach-warning.sh reattach-warning.sh \
detach-remove.sh
TEST_EXTENSIONS = .sh TEST_EXTENSIONS = .sh
SH_LOG_COMPILER = TEST_ARCHES="$(test_arches)" $(srcdir)/test-wrapper.sh SH_LOG_COMPILER = TEST_ARCHES="$(test_arches)" $(srcdir)/test-wrapper.sh

15
tests/detach-remove.sh Executable file
View file

@ -0,0 +1,15 @@
#!/bin/bash -ex
signed="test.signed"
unsigned="test.unsigned"
"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
cp "$signed" "$unsigned"
"$sbattach" --remove "$unsigned"
# ensure that there is no security directory
objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory'
# ensure that the unsigned file is the same size as our original binary
[ $(stat --format=%s "$image") -eq $(stat --format=%s "$unsigned") ]