Fix OOM in createOrUpdateIdsigFile when a directory is passed
createOrUpdateIdsigFile uses V4Signature::create function, which takes
an fd that is passed to it and lseeks to the end of it. If that fd
corresponds to a directory on ext4, then lseek will return (off_t)-1. As
a result, the function will OOM trying to allocate 72 petabytes of
memory.
This change fixes the issue by adding verification logic in
createOrUpdateIdsigFile that passed pfd corresponds to a regular file.
It also adds unit tests for createOrUpdateIdsigFile.
I've also added comment to V4Signature::create telling callers that they
should validate their fd before calling the function.
Bug: 261840405
Test: atest virtualizationservice_device_test
Test: adb shell /apex/com.android.virt/bin/vm create-idsig \
/apex/com.android.virt/app/EmptyPayloadApp@AOSP.MASTER \
/data/local/tmp/fun-with-microdroid
Change-Id: Iddb694e10946eefb4df8959d06fe3488e9c6ac66
diff --git a/libs/apkverify/src/v4.rs b/libs/apkverify/src/v4.rs
index 6c085f6..94abf99 100644
--- a/libs/apkverify/src/v4.rs
+++ b/libs/apkverify/src/v4.rs
@@ -146,6 +146,11 @@
/// Read a stream for an APK file and creates a corresponding `V4Signature` struct that digests
/// the APK file. Note that the signing is not done.
+ /// Important: callers of this function are expected to verify the validity of the passed |apk|.
+ /// To be more specific, they should check that |apk| corresponds to a regular file, as calling
+ /// lseek on directory fds is not defined in the standard, and on ext4 it will return (off_t)-1
+ /// (see: https://bugzilla.kernel.org/show_bug.cgi?id=200043), which will result in this
+ /// function OOMing.
pub fn create(
mut apk: &mut R,
block_size: usize,