diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/fmap.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/fmap.c b/src/lib/fmap.c index ed186e0cae..8d7b6a8f71 100644 --- a/src/lib/fmap.c +++ b/src/lib/fmap.c @@ -38,8 +38,10 @@ static int verify_fmap(const struct fmap *fmap) if (!CONFIG(CBFS_VERIFICATION) || !ENV_INITIAL_STAGE || done) return 0; /* Only need to check hash in first stage. */ + /* On error we need to die right here, lest we risk a TOCTOU attack where the cache is + filled with a tampered FMAP but the later fallback path is fed a valid one. */ if (metadata_hash_verify_fmap(fmap, FMAP_SIZE) != VB2_SUCCESS) - return -1; + die("FMAP verification failure"); done = true; return 0; |