cmd/link: truncate file after code signature

When external linking, in case that the external linker generates
a code signature with a different size (e.g. as it uses a
different identifier), truncate the file after rewriting the code
signature, to make sure that no bytes after the signature (which
will invalidate the signature).

Fixes #43105.

Change-Id: I732f949fedd6de42d9f3cf6d017f7ba3f4e59e7a
Reviewed-on: https://go-review.googlesource.com/c/go/+/276693
Trust: Cherry Zhang <cherryyz@google.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/src/cmd/link/internal/ld/macho.go b/src/cmd/link/internal/ld/macho.go
index f459576420..4605644767 100644
--- a/src/cmd/link/internal/ld/macho.go
+++ b/src/cmd/link/internal/ld/macho.go
@@ -1474,6 +1474,17 @@ func machoCodeSign(ctxt *Link, fname string) error {
 		// Skip.
 		return nil
 	}
+
+	fi, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if sigOff+sigSz != fi.Size() {
+		// We don't expect anything after the signature (this will invalidate
+		// the signature anyway.)
+		return fmt.Errorf("unexpected content after code signature")
+	}
+
 	sz := codesign.Size(sigOff, "a.out")
 	if sz != sigSz {
 		// Update the load command,
@@ -1500,5 +1511,9 @@ func machoCodeSign(ctxt *Link, fname string) error {
 	cs := make([]byte, sz)
 	codesign.Sign(cs, f, "a.out", sigOff, int64(textSeg.Offset), int64(textSeg.Filesz), ctxt.IsExe() || ctxt.IsPIE())
 	_, err = f.WriteAt(cs, sigOff)
+	if err != nil {
+		return err
+	}
+	err = f.Truncate(sigOff + sz)
 	return err
 }