cmd/link: truncate file after code signature

When external linking, in case that the external linker generates
a code signature with a different size (e.g. as it uses a
different identifier), truncate the file after rewriting the code
signature, to make sure that no bytes after the signature (which
will invalidate the signature).

Fixes #43105.

Change-Id: I732f949fedd6de42d9f3cf6d017f7ba3f4e59e7a
Reviewed-on: https://go-review.googlesource.com/c/go/+/276693
Trust: Cherry Zhang <cherryyz@google.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>

diff --git a/src/cmd/link/internal/ld/macho.go b/src/cmd/link/internal/ld/macho.go
index f45957642024471f3c1c371c7491367a9e8cd458..460564476782d129733d53fb78a04968b831ec82 100644 (file)
--- a/src/cmd/link/internal/ld/macho.go
+++ b/src/cmd/link/internal/ld/macho.go
@@ -1474,6 +1474,17 @@ func machoCodeSign(ctxt *Link, fname string) error {
                // Skip.
                return nil
        }
+
+       fi, err := f.Stat()
+       if err != nil {
+               return err
+       }
+       if sigOff+sigSz != fi.Size() {
+               // We don't expect anything after the signature (this will invalidate
+               // the signature anyway.)
+               return fmt.Errorf("unexpected content after code signature")
+       }
+
        sz := codesign.Size(sigOff, "a.out")
        if sz != sigSz {
                // Update the load command,
@@ -1500,5 +1511,9 @@ func machoCodeSign(ctxt *Link, fname string) error {
        cs := make([]byte, sz)
        codesign.Sign(cs, f, "a.out", sigOff, int64(textSeg.Offset), int64(textSeg.Filesz), ctxt.IsExe() || ctxt.IsPIE())
        _, err = f.WriteAt(cs, sigOff)
+       if err != nil {
+               return err
+       }
+       err = f.Truncate(sigOff + sz)
        return err
 }