From patchwork Fri Dec 15 14:19:40 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Glembotzki <m.glembo@gmail.com>
X-Patchwork-Id: 1876651
Return-Path: <swupdate+bncBDY5JUXLVIEBBS6C6GVQMGQETNLSNDQ@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20230601 header.b=xbHoUpnJ;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=XUON3bKX;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2a00:1450:4864:20::13c; helo=mail-lf1-x13c.google.com;
 envelope-from=swupdate+bncbdy5juxlviebbs6c6gvqmgqetnlsndq@googlegroups.com;
 receiver=patchwork.ozlabs.org)
Received: from mail-lf1-x13c.google.com (mail-lf1-x13c.google.com
 [IPv6:2a00:1450:4864:20::13c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4SsBJw2Mdlz1ySd
	for <incoming@patchwork.ozlabs.org>; Sat, 16 Dec 2023 01:23:11 +1100 (AEDT)
Received: by mail-lf1-x13c.google.com with SMTP id
 2adb3069b0e04-50dfaa1ad34sf687619e87.1
        for <incoming@patchwork.ozlabs.org>;
 Fri, 15 Dec 2023 06:23:11 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1702650188; cv=pass;
        d=google.com; s=arc-20160816;
        b=vXbLDKRdsU0LbHAHLP6a/J4d84XjsqfnbSJiimVSrPGl3v2dGdphwCzHXE366U0uyC
         pmVLkkKhtu3hHbkjdGdq8ZUvWtQb8EOOyRJERdwdmDYfSLhvx9CDJMmZuyHROpHSVXij
         S339wbRkPMuh2MPBkj4zxVck5kanvPWkjRDc1pKog/zqQY92hRoW0H3bjyfaaYpsJEuo
         vfuLqlox50kq53e8BiDzFdf8x7PRWnp0UpgAN7Rzz3wuQb7/gy22M7DPRStH9lyzIHi9
         dZzDRpH47jzqEawq7btv7ZgBW8EwLJFmEJnOile5BgaPEPjrTUSNu2XjI3zcINdrZ5Z4
         EXEg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:sender:dkim-signature
         :dkim-signature;
        bh=y+OkQ5ijs0gEa9DYPKeAZvMVaTCXJ9do4dI8sFooWKc=;
        fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
        b=v1KKtx2PZwhMMkrmqT1vBv6Kx5Nhv2emwPWOAHBakkJemKNBaMX8zPt8G2TXT2YqpM
         xfyZW7KO3A8yvaqGdkow2yuLEHmqvSzClYYnR1JOw6jkgB27fwKXdiQ+Mvi2bKZeumDv
         rOJihahqsylRyNssiTe4Wcn9FjRUmfEC7pjQNJMwmhdv9NzEN0RbWLhhcC4YEKjU/YU0
         EKVXhAQMMzTVphArvrbNfmUbqVe81NorpFOH0dkFzHISQxxv1Iv0XN75GkqZ9EJBiKL0
         eg58llIujR/EQm4tzobd1efudvr2go0qXKU8k/DAhtsjljdcWLlF+X3lIWA6G0J+ZPs0
         JpPA==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=BFhYAuOm;
       spf=pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::129 as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1702650188; x=1703254988;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=y+OkQ5ijs0gEa9DYPKeAZvMVaTCXJ9do4dI8sFooWKc=;
        b=xbHoUpnJcJcfrNmh43LapzelwB5lWvWY54chGYsBPDE59gqnPKq7Z/9QANpKSLS2Tk
         cB2Rp8FhEVK1A5p2Vwlxsxj7CGUTLM+o4Q5P9xo/Yq6hlXn6S0hPJHEuuv9bIf5jH+gU
         uMj4OKa5LIWh/mFIWNOtvhZM4g70yu7pL1Pu0gTf3LnjkVKPV7VWOUOwzFmW87/5uOn1
         Fe/TRNkLmtzyE+qkYlYg7eG73r0g5dWdkpHnVfsb93FsH+dk7Yc/JkWBTEpuT3Kk+JBY
         NX2WUoUNcOd+TW3NwaTpCqeEb1fH+ljpjm3ojKSay1mnETxC7+KU1ieHbMxX9rVFYEAA
         jD7g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1702650188; x=1703254988;
 darn=patchwork.ozlabs.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=y+OkQ5ijs0gEa9DYPKeAZvMVaTCXJ9do4dI8sFooWKc=;
        b=XUON3bKXKNCnxLXa4pghQIvlIvMHhOm3+SzJiw1oOEZ7P1Am2mcQVScqFPUvsyHu+S
         Lq2CC4XZJ1IHjH7uRj+dZhPn51HteX2xZvcwKvpTn9ZCTUf19A7yEFys/sqnliGffucJ
         4UmcX4iZRTne4DBdPY19kX0RQjhwupO67OEeGQv6vgjH11V53cv2wpztkFkBW2jalszK
         U8Tb9nspSA1I64zbpmdurrRrqhdPZrm1Eo/+LvSEcRLWJ7K0fpB+E0iHaUyjnopfXtoR
         L2IULr7bG+Uo5fW3VaSmRZ5B/qI0Of87TeCOtmX246I/+uPCJ+ldKItySaO6F/Eb47Rj
         Wlig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1702650188; x=1703254988;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
         :message-id:reply-to;
        bh=y+OkQ5ijs0gEa9DYPKeAZvMVaTCXJ9do4dI8sFooWKc=;
        b=RlWYFoufyZ/3iz3923ulSWhJT7Fse0k0M9EwXtLw2vrgemgqao0d809a5ue0Ssd/Ok
         l/ZuWD9UbujRMDV7zKU/YpKw2FpD5RHApvxPfdDdJMO1ioy0tiQhh2O0gHeuMzxN7LDj
         KGv5S1Kw7mikzSrl7gbgdGs+YVCdwd9oAIWPLzyaTKvjJLsHkFCesiNa3ASyqdmoe5Z4
         32VAfhxPuz4zocyJgiVbMEatK9EaFW9IGw/JY9ny3Z84S+kLymn9+yAbJSDl7qSXHAJn
         rE9+AOzSsLzEgWj8lt8PzDY53HzR6PlPeXCBJBOcBZkH7KOOvle3fbZT+JpO9RvUgFBo
         xGXQ==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOJu0YyTf2XKQMLhU/BemY4JpyzqIXcrXv2RZC0ZG9J0J7Q+Nm6up1Wf
	6EquhFmAJPmuzhxg8Hm3HhM=
X-Google-Smtp-Source: 
 AGHT+IHM7pmEyYfP9f4cF05qVX3RgVwoxSfWaj8b+k5H7K56cJZLWsOcqy+l0bQ5l6hl+hlObS+3Mw==
X-Received: by 2002:a05:6512:2316:b0:50b:f30b:5499 with SMTP id
 o22-20020a056512231600b0050bf30b5499mr8072960lfu.80.1702650188145;
        Fri, 15 Dec 2023 06:23:08 -0800 (PST)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:ac2:5dd0:0:b0:50b:f483:50fa with SMTP id
 x16-20020ac25dd0000000b0050bf48350fals445001lfq.0.-pod-prod-09-eu;
 Fri, 15 Dec 2023 06:23:06 -0800 (PST)
X-Received: by 2002:ac2:4152:0:b0:50b:e710:1579 with SMTP id
 c18-20020ac24152000000b0050be7101579mr4697792lfi.137.1702650185722;
        Fri, 15 Dec 2023 06:23:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702650185; cv=none;
        d=google.com; s=arc-20160816;
        b=qGZeh4VfCwF40I+LS7Nk73BsZBzYJHn6jcHv7KeIdOj84ieEuyDEIlNjoKnIXONCTb
         /cCxnBsrQ0aT0mzRVK7JIBmOOQ3WtCMuNhHrSQUsRTs54XtxPFnWJycVZK+8iCgzS2OW
         xBoGwOj14BkSnWmBLOdFsvKVFjKbuly3gnF9wxAGxlKkZZjNcv9V8pNTh6coE3AwT0I2
         UCCkFF0oHnBu05hIvSNX5oVOgo29QKAi2MB7c09NtKZodwMuyBVEA9Nt3ySIG0YnDrd9
         xvpc6SesWXFmOZxZre46Qp9/VWPoYO//AaEglyFS6iDB2BszngjHD32dhabAxdIVuMi1
         1fHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=3KX69FTZnDjIJ3tt1EpTYyqGpl9/11v6TD64CPlqFY0=;
        fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=;
        b=a448Dk+MWJCB+KmHaKe0ji707p4un2Td+g6i1zKBG25rl7YVYNBYaM92LQGn8wqG52
         A9xZWZu6wRo28MXHrIApUt8hp8wL1HIywOn1CQ7mAcrM461pHtzmjDaL/6cYaBfLh8yW
         qDVjKCyOUU2+9fiiwT6pNhGcBce8qFJyTU8gxJYMfux9wcLXI1sroC/xkydRYi9F8B7M
         7tXDaql+7tHgKKYoT9QJMSZWekL3OHyw+0Z8XO78f8Q/SiNM0SivksocZ8EODkzNY1PL
         V0aNsFpa0JvPqcluefOGPtfJCTSjxq1VlgKbKFqlFzpTtq5ifOjjAZSsdGxjDB6wFTvP
         xXkw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=BFhYAuOm;
       spf=pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::129 as permitted sender) smtp.mailfrom=m.glembo@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com.
 [2a00:1450:4864:20::129])
        by gmr-mx.google.com with ESMTPS id
 w13-20020a05651234cd00b0050c0ed16f00si639092lfr.3.2023.12.15.06.23.05
        for <swupdate@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 15 Dec 2023 06:23:05 -0800 (PST)
Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates
 2a00:1450:4864:20::129 as permitted sender) client-ip=2a00:1450:4864:20::129;
Received: by mail-lf1-x129.google.com with SMTP id
 2adb3069b0e04-50e234f4402so45549e87.1
        for <swupdate@googlegroups.com>; Fri, 15 Dec 2023 06:23:05 -0800 (PST)
X-Received: by 2002:a05:6512:b9b:b0:50b:d764:9672 with SMTP id
 b27-20020a0565120b9b00b0050bd7649672mr8639200lfv.86.1702650184608;
        Fri, 15 Dec 2023 06:23:04 -0800 (PST)
Received: from PC-2635.irisgmbh.local
 (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41])
        by smtp.gmail.com with ESMTPSA id
 vx6-20020a170907a78600b00a1e852ab3f0sm10944029ejc.15.2023.12.15.06.23.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 15 Dec 2023 06:23:04 -0800 (PST)
From: Michael Glembotzki <m.glembo@gmail.com>
To: swupdate@googlegroups.com
Cc: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
Subject: [swupdate] [V3][PATCH 03/10] parser: BUG: Invalid image ivt size
Date: Fri, 15 Dec 2023 15:19:40 +0100
Message-ID: <20231215142251.52393-4-Michael.Glembotzki@iris-sensing.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com>
References: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com>
MIME-Version: 1.0
X-Original-Sender: m.glembo@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@gmail.com header.s=20230601 header.b=BFhYAuOm;       spf=pass
 (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::129
 as permitted sender) smtp.mailfrom=m.glembo@gmail.com;       dmarc=pass
 (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Only set the image ivt_ascii if the size is valid.

Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
---
 core/parsing_library.c | 15 +++++++++++++++
 include/parselib.h     |  1 +
 parser/parser.c        |  2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/core/parsing_library.c b/core/parsing_library.c
index 8d21683..dcb3b73 100644
--- a/core/parsing_library.c
+++ b/core/parsing_library.c
@@ -209,6 +209,21 @@ void get_hash_value(parsertype p, void *elem, unsigned char *hash)
 	ascii_to_hash(hash, hash_ascii);
 }
 
+void get_ivt_value(parsertype p, void *elem, char *ivt_ascii)
+{
+	size_t ivtlen;
+	const char *s = NULL;
+	s = get_field_string(p, elem, "ivt");
+	if (s) {
+		ivtlen = strnlen(s, SWUPDATE_GENERAL_STRING_SIZE);
+		if (ivtlen != (AES_BLK_SIZE*2)) {
+			ERROR("Invalid ivt length");
+			return;
+		}
+		get_field_string_with_size(p, elem, "ivt", ivt_ascii, ivtlen);
+	}
+}
+
 bool set_find_path(const char **nodes, const char *newpath, char **tmp)
 {
 	char **paths;
diff --git a/include/parselib.h b/include/parselib.h
index b167470..cbf13c0 100644
--- a/include/parselib.h
+++ b/include/parselib.h
@@ -84,6 +84,7 @@ void iterate_field(parsertype p, void *e, iterate_callback cb, void *data);
 void get_field(parsertype p, void *e, const char *path, void *dest);
 int exist_field_string(parsertype p, void *e, const char *path);
 void get_hash_value(parsertype p, void *elem, unsigned char *hash);
+void get_ivt_value(parsertype p, void *elem, char *ivt_ascii);
 void check_field_string(const char *src, char *dst, const size_t max_len);
 void *find_root(parsertype p, void *root, const char **nodes);
 void *get_node(parsertype p, void *root, const char **nodes);
diff --git a/parser/parser.c b/parser/parser.c
index 60f979a..bbabae5 100644
--- a/parser/parser.c
+++ b/parser/parser.c
@@ -451,7 +451,7 @@ static int parse_common_attributes(parsertype p, void *elem, struct img_type *im
 	get_field(p, elem, "install-if-different", &image->id.install_if_different);
 	get_field(p, elem, "install-if-higher", &image->id.install_if_higher);
 	get_field(p, elem, "encrypted", &image->is_encrypted);
-	GET_FIELD_STRING(p, elem, "ivt", image->ivt_ascii);
+	get_ivt_value(p, elem, image->ivt_ascii);
 
 	if (is_image_installed(&cfg->installed_sw_list, image)) {
 		image->skip = SKIP_SAME;