image: Use size of image data when writing images
When detaching a signature, we need to know the size of the non-signature data. So, add a data_size member to struct image, and populate it when we iterate through the section table. When writing the image, use data_size rather than size, so we don't unnecessarily add the (now unused) signature data. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
parent
8a55df5e96
commit
5466f381dd
4 changed files with 26 additions and 4 deletions
9
image.c
|
@ -251,7 +251,7 @@ static void set_region_from_range(struct region *region, void *start, void *end)
|
|||
|
||||
static int image_find_regions(struct image *image)
|
||||
{
|
||||
struct region *regions;
|
||||
struct region *regions, *r;
|
||||
void *buf = image->buf;
|
||||
int i, gap_warn;
|
||||
size_t bytes;
|
||||
|
@ -360,9 +360,12 @@ static int image_find_regions(struct image *image)
|
|||
fprintf(stderr, "warning: data remaining[%zd vs %zd]: gaps "
|
||||
"between PE/COFF sections?\n",
|
||||
bytes + image->cert_table_size, image->size);
|
||||
|
||||
}
|
||||
|
||||
/* record the size of non-signature data */
|
||||
r = &image->checksum_regions[image->n_checksum_regions - 1];
|
||||
image->data_size = (r->data - (void *)image->buf) + r->size;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -482,7 +485,7 @@ int image_write(struct image *image, const char *filename)
|
|||
return -1;
|
||||
}
|
||||
|
||||
rc = write_all(fd, image->buf, image->size);
|
||||
rc = write_all(fd, image->buf, image->data_size);
|
||||
if (!rc)
|
||||
goto out;
|
||||
if (!is_signed)
|
||||
|
|
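Review bot: `image->data_size` is taken from the last entry of `checksum_regions` and then used as the write length in `image_write`, but nothing in the visible lines checks that it stays within `image->size` or that `n_checksum_regions` is non-zero. The regions are derived from the section table of the file being processed, so a malformed image could presumably produce a length past the end of `image->buf`, which `write_all` would then read. Validation elsewhere in `image_find_regions` may already rule this out, since the middle of the function is outside these hunks. If it does not, a guard after the assignment such as `if (image->data_size > image->size) return -1;` would keep the write bounded, with a comment stating that the last region is assumed to be the highest one in file order.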
3
image.h
|
@ -50,6 +50,9 @@ struct image {
|
|||
uint8_t *buf;
|
||||
size_t size;
|
||||
|
||||
/* size of the image, without signature */
|
||||
size_t data_size;
|
||||
|
||||
/* Pointers to interesting parts of the image */
|
||||
uint32_t *checksum;
|
||||
struct external_PEI_DOS_hdr *doshdr;
|
||||
|
|
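Review bot: The comment on the new `data_size` member does not say when the field is valid or how it relates to `size`. Going by the image.c changes in this commit, it is filled in by `image_find_regions()` and then used as the write length in `image_write()`, so a reader of the header needs to know it is meaningless before that call. I would expand the comment to something like `/* size of the image data without the signature; set by image_find_regions(), expected to be <= size */`.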
|
@ -54,7 +54,8 @@ TESTS = sign-verify.sh \
|
|||
sign-invalidattach-verify.sh \
|
||||
cert-table-header.sh \
|
||||
resign-warning.sh \
|
||||
reattach-warning.sh
|
||||
reattach-warning.sh \
|
||||
detach-remove.sh
|
||||
|
||||
TEST_EXTENSIONS = .sh
|
||||
SH_LOG_COMPILER = TEST_ARCHES="$(test_arches)" $(srcdir)/test-wrapper.sh
|
||||
|
|
15
tests/detach-remove.sh
Executable file
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash -ex
|
||||
|
||||
signed="test.signed"
|
||||
unsigned="test.unsigned"
|
||||
|
||||
"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
|
||||
cp "$signed" "$unsigned"
|
||||
"$sbattach" --remove "$unsigned"
|
||||
|
||||
# ensure that there is no security directory
|
||||
objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory'
|
||||
|
||||
# ensure that the unsigned file is the same size as our original binary
|
||||
[ $(stat --format=%s "$image") -eq $(stat --format=%s "$unsigned") ]
|
||||
|
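Review bot: The `objdump` line expands `$unsigned` without quotes while every other use in the script is quoted; `objdump -p "$unsigned" | grep -q '0\+ 0\+ Security Directory'` keeps it consistent and safe if the name ever contains spaces. The two `$(stat ...)` substitutions in the final test are unquoted as well, so a failing `stat` yields an empty operand and a confusing `[` error rather than a clear failure. The size comparison only shows that the signature bytes were dropped, not that the remaining bytes are intact. If `sbsign` is expected to leave the rest of the image unchanged (not visible here), a byte comparison such as `cmp "$image" "$unsigned"` would be a stronger check.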