From patchwork Wed Jan 3 10:05:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Babic X-Patchwork-Id: 854930 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:400c:c0c::240; helo=mail-wr0-x240.google.com; envelope-from=swupdate+bncbcxploxj6ikrb66vwljakgqeznw32by@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.b="shXDfFnC"; dkim-atps=neutral Received: from mail-wr0-x240.google.com (mail-wr0-x240.google.com [IPv6:2a00:1450:400c:c0c::240]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zBRQQ1yxvz9s7F for ; Wed, 3 Jan 2018 21:05:50 +1100 (AEDT) Received: by mail-wr0-x240.google.com with SMTP id d7sf579148wre.15 for ; Wed, 03 Jan 2018 02:05:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1514973947; cv=pass; d=google.com; s=arc-20160816; b=mLhjTTxIaqLp+Q5e7qSaDXPhqm5VhjGhwF4xUcSGcENKSD897n4mjnVSLRiQgLfApQ +eeD4fCKuEVsA+opqItHsvN/q9dlABhFpsS3QaX3KJ7raPCbqOxrqg665hlZAL+Zg8cj E4craiVJPh+lYBNB0ossFHU9RuxSFioGdy6ivi59VqHLKbOqWRo8k7zd5Hgh0MjBxYB+ GmzVyn/1hE5hoMI5BarGYWtHnbJsiCjI5TsbyfPvWvIaaOb1evqiPfglW8SNMJOewB6P 1ryeFQdjmM/2JsZDwC3N9rF0JWknQp7xw9yS/teX9kB78dwUpicV+KIXY0tpZLQ3bSdL 6m7A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:arc-authentication-results :arc-message-signature:mime-version:sender:dkim-signature :arc-authentication-results; bh=z/+zyMx7+J5aygYkJMZZBE78bZXETO8KpsDg9iGoEpQ=; b=Ik0g4hKmhoAzHoMKO8xgQisRv+eM975bL4Jnzb0o+lxPCawb0S/EmQv8rdGO7D4CbD iEGt6hXFR/s4V+85QyUqE4b94wTGmSTt74Ar/NWGZ4Oa6wf+3KIgzp2cZyvc7T3DLtLy 6FhRs/LrtzXMf3aXLwl/VvE9Fq9es1C5wC7IRI6i3rrOoW6zTt3I/fD9hnw4cQRX0fjg cF0V8LOfL6lSVdPrs1oUbfGcQgZoMXWbu43sPXkAdtRBNKGJk2Ens+OiPViAthwL/wqH AW3BydEzrtl9qcGV510CLxrf9e/I4Y4ScYroGwyEsM7bZL47htB/DMvMwb8HuKE59We2 ZyVw== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:mime-version:from:to:cc:subject:date:message-id:in-reply-to :references:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=z/+zyMx7+J5aygYkJMZZBE78bZXETO8KpsDg9iGoEpQ=; b=shXDfFnCX680k+0hu5JFJQxoSQuNGVmsLmlqWPxt87xPPbgvn45xrQ6bfd0pCN7AI7 eyACmwlbtt4JKbIma0J4t0ePrJXfgJksA8xN0YZdzXpH9XTNnZZa8rMMw9XzVwZHpycn VDZx26/Ihw5lbJClPdvpzzU+E4gJu+9TFMGs5gHmQKZwPJmZlHevOffyHgvCLEzZNEWI XI5+cgpZPPflNyXYkhrNKNnAzYp1cyw253DwUzIN9C5jYdVXiAj225swBPJrNLNCtJiq dXkJ1a6aaFvqun6AsVZ6CKV96FK06A0c2vOAgb5+bIHs8XqdodMhVKhcn+DJLbbQgjPE RQUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date :message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=z/+zyMx7+J5aygYkJMZZBE78bZXETO8KpsDg9iGoEpQ=; b=bM/F17MXI5Oc9XTu/fC6hL4rtbAQ2OkUk23EoqpYj0HbioxVFZup1p5uJox8kCGjjy 9GfitVklVlk6BjKzEpprWHCcNra3QWf1+g5olii/JpSMA0G22boPfTvry8vr/r6VUrBC i6kvFZwFVZAp9n9f1MF29MEX+d0FujFcyxbey8JeOaWIgSD8EC/p3TYF5VshdftSQA/e SJ0/4RXBhEdEw1YZ/PhzqpWxB+zGZO2DFforp+STKTE5hB4XI0eBIHeLd9to2RlRIuwY oH1VjjKErSIFgr6kTNg1EY2xGaEfrnmcrZx9ZDuSqi70VGmAmu5vqg/Hd4kkBsg2J8G2 gDMw== Sender: swupdate@googlegroups.com X-Gm-Message-State: AKGB3mLMTHitsyHMBg/eYTO+8tru141SlAyLcjT+TtRjrc3rSlajukEw Qj9xazJuhcRcYDYmwxO0nWY= X-Google-Smtp-Source: ACJfBouYoFGLH264KuDk0W2puPaAfCZ6bT//c5Zg/FP+4zQVkxEsYjnPvUOKM3Bk6TIJ57h0oxv8kg== X-Received: by 10.28.94.145 with SMTP id s139mr10092wmb.5.1514973947623; Wed, 03 Jan 2018 02:05:47 -0800 (PST) MIME-Version: 1.0 X-BeenThere: swupdate@googlegroups.com Received: by 10.223.133.169 with SMTP id 38ls1727852wrt.13.gmail; Wed, 03 Jan 2018 02:05:47 -0800 (PST) X-Received: by 10.28.27.83 with SMTP id b80mr112096wmb.13.1514973947295; Wed, 03 Jan 2018 02:05:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1514973947; cv=none; d=google.com; s=arc-20160816; b=StMq71ojlWH6aOKgsMktNsNgAm5XDwVbQsZyPXLTQXo6BTnyI+sy+DI3D9UoLZNLzx 6iTJa3/dzMO0Ex4X9zCmL5VWhrolxtio0BXpcHwmmE0Sts/eHArO95IleD7yfOplET8q eWExqxUhUOyNvRPPcShi37ZsPXXcC7FN06KqvB8FLmnrhkOnjpPYIa5FpTfEhv8BauVg awkYTz36nM6alubhuATIvdCYt9vq4GvIJzRmhAYH1wBqehjg6OeX934e7jj6LcuS91Xs JS7SjKJCBQiqBM/twsxnSggxR8gAivhOOuii0aS6rUX0El/uLzVq/xLtzSPx9V6oGoiB YCuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=/NSrIuA8QxgKJDOkKC3+ncBG6dp8f6VZUlmNbp+E0YU=; b=sZNmcYgYMu9DUKjlp55fatTnxaCB9D2PiRNr1it8XIBenNLZ8tAQluKIh5acWnAJ+A flg37xbRweiian0y5XkySPd74U3ViB7OhjM5A7ye+gmg7/fjt0WimCAidaNXuYznFj9F WyvH6JSE//EF/2J4ly+ye5FMycUpJBqwhhEmEO7RQUxWp+PkrTG6o+3IYcHKYP8DTnJf +SyxLSfCPIwxpc19pQDaFTnR74N/dRILCQ7BQF9voR8GcZczP7mlfuZePTFbR2cYCjeH BAdIkShW8JS/a2Z2HRa+9bb8+xdWJEA3TWlR733LjEgY5/jRbLlBM/UQkBuaNksh/HoS KBXw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9]) by gmr-mx.google.com with ESMTPS id m3si100267wrm.5.2018.01.03.02.05.47 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Jan 2018 02:05:47 -0800 (PST) Received-SPF: neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) client-ip=212.18.0.9; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 3zBRQM0Z9Vz1qsDr; Wed, 3 Jan 2018 11:05:47 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 3zBRQM0Gr3z1sFWs; Wed, 3 Jan 2018 11:05:47 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id wyaMqXWXYxQs; Wed, 3 Jan 2018 11:05:46 +0100 (CET) Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net [88.217.136.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS; Wed, 3 Jan 2018 11:05:46 +0100 (CET) Received: from localhost (mail.babic.homelinux.org [127.0.0.1]) by babic.homelinux.org (Postfix) with ESMTP id EF3564540100; Wed, 3 Jan 2018 11:05:45 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at babic.homelinux.org Received: from babic.homelinux.org ([127.0.0.1]) by localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oFrlpgct9iAc; Wed, 3 Jan 2018 11:05:42 +0100 (CET) Received: from papero.fritz.box (papero.fritz.box [192.168.178.132]) by babic.homelinux.org (Postfix) with ESMTP id 7A624454039E; Wed, 3 Jan 2018 11:05:42 +0100 (CET) From: Stefano Babic To: swupdate@googlegroups.com Cc: Stefano Babic Subject: [swupdate] [PATCH V2 2/2] Encrypted scripts cannot be executed Date: Wed, 3 Jan 2018 11:05:40 +0100 Message-Id: <1514973940-11131-2-git-send-email-sbabic@denx.de> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514973940-11131-1-git-send-email-sbabic@denx.de> References: <1514973940-11131-1-git-send-email-sbabic@denx.de> X-Original-Sender: sbabic@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Scripts cannot be executed becauese they are not decrypted before they run. The bug happens when the SWU is downloaded, while a local install is working because scripts are extracted and decrypted via copyfile(). Factorize script extraction between local and remote install and always decrypt scripts before passing them to the execution handler. Signed-off-by: Stefano Babic --- Changes since V1: - rewrite commit message corelib/installer.c | 56 +++++++++++++++++++++++++++++++++++++--------- corelib/stream_interface.c | 2 +- 2 files changed, 46 insertions(+), 12 deletions(-) diff --git a/corelib/installer.c b/corelib/installer.c index 02461f7..fc3011e 100644 --- a/corelib/installer.c +++ b/corelib/installer.c @@ -145,11 +145,12 @@ int check_if_required(struct imglist *list, struct filehdr *pfdh, * Extract all scripts from a list from the image * and save them on the filesystem to be executed later */ -static int extract_scripts(int fd, struct imglist *head, const char *dest) +static int extract_scripts(int fd, struct imglist *head, int fromfile) { struct img_type *script; int fdout; int ret = 0; + const char* tmpdir_scripts = get_tmpdirscripts(); LIST_FOREACH(script, head, next) { if (script->provided == 0) { @@ -159,14 +160,44 @@ static int extract_scripts(int fd, struct imglist *head, const char *dest) } snprintf(script->extract_file, sizeof(script->extract_file), "%s%s", - dest, script->fname); + tmpdir_scripts , script->fname); fdout = openfileoutput(script->extract_file); if (fdout < 0) return fdout; - ret = extract_next_file(fd, fdout, script->offset, 0, - script->is_encrypted, script->sha256); + if (fromfile) + ret = extract_next_file(fd, fdout, script->offset, 0, + script->is_encrypted, script->sha256); + else { + int fdin; + char *tmpfile; + unsigned long offset = 0; + uint32_t checksum; + + if (asprintf(&tmpfile, "%s%s", get_tmpdir(), script->fname) == + ENOMEM_ASPRINTF) { + ERROR("Path too long: %s%s", get_tmpdir(), script->fname); + close(fdout); + return -ENOMEM; + } + + fdin = open(tmpfile, O_RDONLY); + free(tmpfile); + if (fdin < 0) { + ERROR("Extracted script not found in %s: %s %d\n", + get_tmpdir(), script->extract_file, errno); + return -ENOENT; + } + + ret = copyfile(fdin, &fdout, script->size, &offset, 0, 0, + script->compressed, + &checksum, + script->sha256, + script->is_encrypted, + NULL); + close(fdin); + } close(fdout); if (ret < 0) @@ -258,13 +289,11 @@ int install_images(struct swupdate_cfg *sw, int fdsw, int fromfile) const char* TMPDIR = get_tmpdir(); /* Extract all scripts, preinstall scripts must be run now */ - if (fromfile) { - const char* tmpdir_scripts = get_tmpdirscripts(); - ret = extract_scripts(fdsw, &sw->scripts, tmpdir_scripts); - if (ret) { - ERROR("extracting script to %s failed", tmpdir_scripts); - return ret; - } + const char* tmpdir_scripts = get_tmpdirscripts(); + ret = extract_scripts(fdsw, &sw->scripts, fromfile); + if (ret) { + ERROR("extracting script to %s failed", tmpdir_scripts); + return ret; } /* Scripts must be run before installing images */ @@ -422,6 +451,11 @@ void cleanup_files(struct swupdate_cfg *software) { if (img->fname[0]) { if (snprintf(fn, sizeof(fn), "%s%s", get_tmpdirscripts(), img->fname) >= (int)sizeof(fn)) { + ERROR("Path too long: %s%s", get_tmpdirscripts(), img->fname); + } + remove_sw_file(fn); + if (snprintf(fn, sizeof(fn), "%s%s", get_tmpdir(), + img->fname) >= (int)sizeof(fn)) { ERROR("Path too long: %s%s", TMPDIR, img->fname); } remove_sw_file(fn); diff --git a/corelib/stream_interface.c b/corelib/stream_interface.c index f0e1f3b..a200d7e 100644 --- a/corelib/stream_interface.c +++ b/corelib/stream_interface.c @@ -197,7 +197,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) */ skip = check_if_required(&software->scripts, &fdh, NULL, - get_tmpdirscripts(), + get_tmpdir(), &img); } TRACE("Found file:\n\tfilename %s\n\tsize %u %s",