On-device signing: some more error checking.
Handle error conditions while computing a digest for a file, and fix a
memory leak.
Bug: 165630556
Test: boots
Change-Id: Iab73486c2fad5d54adb9b983b74dd697f7063c38
diff --git a/ondevice-signing/VerityUtils.cpp b/ondevice-signing/VerityUtils.cpp
index ff7de7e..cab92e2 100644
--- a/ondevice-signing/VerityUtils.cpp
+++ b/ondevice-signing/VerityUtils.cpp
@@ -74,8 +74,14 @@
Result<std::vector<uint8_t>> createDigest(const std::string& path) {
struct stat filestat;
unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_CLOEXEC)));
+ if (fd < 0) {
+ return ErrnoError() << "Failed to open " << path;
+ }
- stat(path.c_str(), &filestat);
+ int ret = stat(path.c_str(), &filestat);
+ if (ret < 0) {
+ return ErrnoError() << "Failed to stat " << path;
+ }
struct libfsverity_merkle_tree_params params = {
.version = 1,
.hash_algorithm = FS_VERITY_HASH_ALG_SHA256,
@@ -84,9 +90,13 @@
};
struct libfsverity_digest* digest;
- libfsverity_compute_digest(&fd, &read_callback, ¶ms, &digest);
-
- return std::vector<uint8_t>(&digest->digest[0], &digest->digest[32]);
+ ret = libfsverity_compute_digest(&fd, &read_callback, ¶ms, &digest);
+ if (ret < 0) {
+ return ErrnoError() << "Failed to compute fs-verity digest for " << path;
+ }
+ std::vector<uint8_t> digestVector(&digest->digest[0], &digest->digest[32]);
+ free(digest);
+ return digestVector;
}
namespace {