diff options
| author | Rafał Miłecki | 2019-08-30 15:46:07 +0000 |
|---|---|---|
| committer | Rafał Miłecki | 2019-09-04 04:21:18 +0000 |
| commit | f55c23519e3aeffb606f9f68a2c4fa435de84e72 (patch) | |
| tree | 27d3eb0664aef6dd265e1d6711a65c3b209c541d | |
| parent | e990e215e8a3be21bc7d32c7df9fa1993ecf8163 (diff) | |
| download | procd-f55c23519e3aeffb606f9f68a2c4fa435de84e72.tar.gz | |
system: reject sysupgrade of broken firmware images
This uses recently added "validate_firmware_image" to validate passed
firmware. If it happens to be invalid and marked as impossible to force
then sysupgrade simply exits with an error.
This change is needed to avoid bricking devices with some totally broken
images.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
| -rw-r--r-- | system.c | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -507,7 +507,18 @@ static int sysupgrade(struct ubus_context *ctx, struct ubus_object *obj, struct ubus_request_data *req, const char *method, struct blob_attr *msg) { + enum { + VALIDATION_VALID, + VALIDATION_FORCEABLE, + __VALIDATION_MAX + }; + static const struct blobmsg_policy validation_policy[__VALIDATION_MAX] = { + [VALIDATION_VALID] = { .name = "valid", .type = BLOBMSG_TYPE_BOOL }, + [VALIDATION_FORCEABLE] = { .name = "forceable", .type = BLOBMSG_TYPE_BOOL }, + }; + struct blob_attr *validation[__VALIDATION_MAX]; struct blob_attr *tb[__SYSUPGRADE_MAX]; + bool valid, forceable; if (!msg) return UBUS_STATUS_INVALID_ARGUMENT; @@ -516,6 +527,21 @@ static int sysupgrade(struct ubus_context *ctx, struct ubus_object *obj, if (!tb[SYSUPGRADE_PATH] || !tb[SYSUPGRADE_PREFIX]) return UBUS_STATUS_INVALID_ARGUMENT; + if (validate_firmware_image_call(blobmsg_get_string(tb[SYSUPGRADE_PATH]))) + return UBUS_STATUS_UNKNOWN_ERROR; + + blobmsg_parse(validation_policy, __VALIDATION_MAX, validation, blob_data(b.head), blob_len(b.head)); + + valid = validation[VALIDATION_VALID] && blobmsg_get_bool(validation[VALIDATION_VALID]); + forceable = validation[VALIDATION_FORCEABLE] && blobmsg_get_bool(validation[VALIDATION_FORCEABLE]); + + if (!valid) { + if (!forceable) { + fprintf(stderr, "Firmware image is broken and cannot be installed\n"); + return UBUS_STATUS_NOT_SUPPORTED; + } + } + sysupgrade_exec_upgraded(blobmsg_get_string(tb[SYSUPGRADE_PREFIX]), blobmsg_get_string(tb[SYSUPGRADE_PATH]), tb[SYSUPGRADE_COMMAND] ? blobmsg_get_string(tb[SYSUPGRADE_COMMAND]) : NULL, |