From 67ed2acad47642c5253d66aa70b5035687ed5728 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 14 Nov 2024 09:57:36 +0000 Subject: [PATCH] composefs: Ensure buffer is suitably aligned for struct fsverity_digest struct fsverity_digest starts with a __u16, so it will normally require 16-bit alignment, which is not guaranteed for a char array. Resolves: https://github.com/ostreedev/ostree/issues/3339 Signed-off-by: Simon McVittie --- src/libostree/ostree-repo-composefs.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/libostree/ostree-repo-composefs.c b/src/libostree/ostree-repo-composefs.c index 56d168b3d9..26fa7693a0 100644 --- a/src/libostree/ostree-repo-composefs.c +++ b/src/libostree/ostree-repo-composefs.c @@ -327,19 +327,22 @@ checkout_one_composefs_file_at (OstreeRepo *repo, OtTristate verity, const char * This is the typical case when we're pulled into the target * system repo with verity on and are recreating the composefs * image during deploy. */ - char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN]; + union + { + struct fsverity_digest d; + char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN]; + } result; guchar *known_digest = NULL; if (G_IS_UNIX_INPUT_STREAM (input)) { int content_fd = g_unix_input_stream_get_fd (G_UNIX_INPUT_STREAM (input)); - struct fsverity_digest *d = (struct fsverity_digest *)&buf; - d->digest_size = OSTREE_SHA256_DIGEST_LEN; + result.d.digest_size = OSTREE_SHA256_DIGEST_LEN; - if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, d) == 0 - && d->digest_size == OSTREE_SHA256_DIGEST_LEN - && d->digest_algorithm == FS_VERITY_HASH_ALG_SHA256) - known_digest = d->digest; + if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, &result) == 0 + && result.d.digest_size == OSTREE_SHA256_DIGEST_LEN + && result.d.digest_algorithm == FS_VERITY_HASH_ALG_SHA256) + known_digest = result.d.digest; } #endif