cmd/link: truncate file after code signature

When external linking, in case that the external linker generates a code signature with a different size (e.g. as it uses a different identifier), truncate the file after rewriting the code signature, to make sure that no bytes after the signature (which will invalidate the signature). Fixes #43105. Change-Id: I732f949fedd6de42d9f3cf6d017f7ba3f4e59e7a Reviewed-on: https://go-review.googlesource.com/c/go/+/276693 Trust: Cherry Zhang <cherryyz@google.com> Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com>
2025-12-08 06:10:04 +00:00 · 2020-12-09 18:25:05 -05:00 · 2020-12-09 18:25:05 -05:00 · 0aba8f24cb
commit 0aba8f24cb
parent 6c64b6db68
1 changed files with 15 additions and 0 deletions
--- a/src/cmd/link/internal/ld/macho.go
+++ b/src/cmd/link/internal/ld/macho.go
@ -1474,6 +1474,17 @@ func machoCodeSign(ctxt *Link, fname string) error {
 		// Skip.
 		return nil
 	}
+
+	fi, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if sigOff+sigSz != fi.Size() {
+		// We don't expect anything after the signature (this will invalidate
+		// the signature anyway.)
+		return fmt.Errorf("unexpected content after code signature")
+	}
+
 	sz := codesign.Size(sigOff, "a.out")
 	if sz != sigSz {
 		// Update the load command,
@ -1500,5 +1511,9 @@ func machoCodeSign(ctxt *Link, fname string) error {
 	cs := make([]byte, sz)
 	codesign.Sign(cs, f, "a.out", sigOff, int64(textSeg.Offset), int64(textSeg.Filesz), ctxt.IsExe() || ctxt.IsPIE())
 	_, err = f.WriteAt(cs, sigOff)
+	if err != nil {
+		return err
+	}
+	err = f.Truncate(sigOff + sz)
 	return err
 }