Hi Mark,
On Wed, May 13, 2026 at 9:33 PM Mark Wielaard <[email protected]> wrote:
>
> Double check file size the server sent against the file size we
> actually got in debuginfod_validate_imasig. So we check the signature
> over the whole file size as we received it. Otherwise we might be
> creating a hash over a shorter (possibly zero sized) data. This makes
> sure the server sends a signature that should match the full file (and
> not just an arbitrary shorter prefix).
>
> * debuginfod/debuginfod-client.c (debuginfod_validate_imasig):
> Call fstat on fd and check x-debuginfod-size equals received
> file size.
>
> Signed-off-by: Mark Wielaard <[email protected]>
> ---
>
> V2: Change -EINVAL return to -EBADMSG
LGTM.
Aaron
>
> debuginfod/debuginfod-client.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
> index 6340c8c27a4f..f2b82ac7a14d 100644
> --- a/debuginfod/debuginfod-client.c
> +++ b/debuginfod/debuginfod-client.c
> @@ -1640,6 +1640,21 @@ debuginfod_validate_imasig (debuginfod_client *c, int
> fd)
> goto exit_validate;
> }
>
> + /* Don't trust the size the server sent us, double check against the
> + file size that we actually got. That way we calculate the hash
> + over the whole file and not a shorter (possibly empty) data size. */
> + struct stat st;
> + if (fstat (fd, &st) == -1)
> + {
> + rc = -errno;
> + goto exit_validate;
> + }
> + if (data_len != st.st_size)
> + {
> + rc = -EBADMSG;
> + goto exit_validate;
> + }
> +
> char file_data[DATA_SIZE]; // imaevm.h data chunk hash size
> ssize_t n;
> for(off_t k = 0; k < data_len; k += n)
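
Review bot: The comparison `data_len != st.st_size` in the added block depends on `data_len` having a type compatible with `off_t`, and its declaration is outside this hunk. If it is parsed from the x-debuginfod-size header into an unsigned or narrower type, the implicit conversion could make a negative or oversized header value compare in an unexpected way, so confirm the type (the loop below already compares it against an `off_t k`) or make the conversion explicit. The mismatch path returns -EBADMSG with no indication of the two sizes involved; a short diagnostic naming both values would make a failed validation easier to triage. The new comment could also state that the check assumes fd refers to a regular file, since st_size is only meaningful in that case.
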
> --
> 2.53.0
>