diff options
| author | Rafał Miłecki | 2019-09-04 09:06:52 +0000 |
|---|---|---|
| committer | Rafał Miłecki | 2019-09-04 09:06:52 +0000 |
| commit | 34ac88cb873ad81f1510e2207c34b6abaa1ae16a (patch) | |
| tree | e7053f61388b5f4a620fbe4a98debe1a3c19a3c1 | |
| parent | f55c23519e3aeffb606f9f68a2c4fa435de84e72 (diff) | |
| download | procd-34ac88cb873ad81f1510e2207c34b6abaa1ae16a.tar.gz | |
system: reject sysupgrade of invalid firmware images by default
This validation step can be bypassed by passing "force" argument. This
is very similar to the /sbin/sysupgrade behavior and --force.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
| -rw-r--r-- | system.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -490,6 +490,7 @@ static int validate_firmware_image(struct ubus_context *ctx, enum { SYSUPGRADE_PATH, + SYSUPGRADE_FORCE, SYSUPGRADE_PREFIX, SYSUPGRADE_COMMAND, SYSUPGRADE_OPTIONS, @@ -498,6 +499,7 @@ enum { static const struct blobmsg_policy sysupgrade_policy[__SYSUPGRADE_MAX] = { [SYSUPGRADE_PATH] = { .name = "path", .type = BLOBMSG_TYPE_STRING }, + [SYSUPGRADE_FORCE] = { .name = "force", .type = BLOBMSG_TYPE_BOOL }, [SYSUPGRADE_PREFIX] = { .name = "prefix", .type = BLOBMSG_TYPE_STRING }, [SYSUPGRADE_COMMAND] = { .name = "command", .type = BLOBMSG_TYPE_STRING }, [SYSUPGRADE_OPTIONS] = { .name = "options", .type = BLOBMSG_TYPE_TABLE }, @@ -539,6 +541,9 @@ static int sysupgrade(struct ubus_context *ctx, struct ubus_object *obj, if (!forceable) { fprintf(stderr, "Firmware image is broken and cannot be installed\n"); return UBUS_STATUS_NOT_SUPPORTED; + } else if (!tb[SYSUPGRADE_FORCE] || !blobmsg_get_bool(tb[SYSUPGRADE_FORCE])) { + fprintf(stderr, "Firmware image is invalid\n"); + return UBUS_STATUS_NOT_SUPPORTED; } } |