parser: fail early if sha256 given and !CONFIG_HASH_VERIFY

Message ID 20171023155525.19405-1-christian.storm@siemens.com
State Accepted

Commit Message

Storm, Christian Oct. 23, 2017, 3:55 p.m. UTC
Yield an error message and fail early if a hash (sha256) is
given but CONFIG_HASH_VERIFY is not enabled as core/util.c's
IsValidHash() will fail (silently) later anyway.

Signed-off-by: Christian Storm <christian.storm@siemens.com>
---
 core/parser.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

Comments

Stefano Babic Oct. 30, 2017, 12:35 p.m. UTC | #1
On 23/10/2017 17:55, Christian Storm wrote:
> Yield an error message and fail early if a hash (sha256) is
> given but CONFIG_HASH_VERIFY is not enabled as core/util.c's
> IsValidHash() will fail (silently) later anyway.
> 
> Signed-off-by: Christian Storm <christian.storm@siemens.com>
> ---


Applied to -master, thanks !

Best regards,
Stefano Babic
Patch

diff --git a/core/parser.c b/core/parser.c
index ce00bec..a1232bd 100644
--- a/core/parser.c
+++ b/core/parser.c
@@ -37,6 +37,21 @@  static parser_fn parsers[] = {
 	parse_external
 };
 
+#ifndef CONFIG_HASH_VERIFY
+static int check_hash_absent(struct imglist *list)
+{
+	struct img_type *image;
+	LIST_FOREACH(image, list, next) {
+		if (strnlen((const char *)image->sha256, SHA256_HASH_LENGTH) > 0) {
+			ERROR("hash verification not enabled but hash supplied for %s",
+				  image->fname);
+			return -EINVAL;
+		}
+	}
+	return 0;
+}
+#endif
+
 #ifdef CONFIG_SIGNED_IMAGES
 /*
  * Check that all images in a list have a valid hash
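Review bot: In check_hash_absent(), the test strnlen((const char *)image->sha256, SHA256_HASH_LENGTH) > 0 only asks whether the first byte of sha256 is non-zero, and the cast suggests the field is not a plain char array. If the field can hold raw digest bytes rather than a NUL-terminated hex string, a digest beginning with 0x00 would be treated as absent. A short comment stating what format sha256 has at this point in parsing, or a check over all SHA256_HASH_LENGTH bytes, would make the intent explicit. As a style point, a blank line between the declaration of image and LIST_FOREACH would match the usual layout.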
@@ -169,6 +184,12 @@  int parse(struct swupdate_cfg *sw, const char *descfile)
 	if (check_missing_hash(&sw->images) ||
 		check_missing_hash(&sw->scripts))
 		ret = -EINVAL;
+#else
+#ifndef CONFIG_HASH_VERIFY
+	if (check_hash_absent(&sw->images) ||
+		check_hash_absent(&sw->scripts))
+		ret = -EINVAL;
+#endif
 #endif
 
 	/*
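Review bot: The new check sits in the #else branch of CONFIG_SIGNED_IMAGES, so it runs only when both CONFIG_SIGNED_IMAGES and CONFIG_HASH_VERIFY are undefined, while check_hash_absent() is defined under #ifndef CONFIG_HASH_VERIFY alone. If a configuration with CONFIG_SIGNED_IMAGES set and CONFIG_HASH_VERIFY unset is possible, the function is defined but never called there and the supplied-hash case is not reported; if the signed-images option always enables hash verification, a comment saying so would help the next reader. The nested #else / #ifndef / #endif / #endif can also be collapsed to #elif !defined(CONFIG_HASH_VERIFY), with the same guard used around the function definition.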