From patchwork Tue Apr 30 12:43:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1929493 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=kwjayMC8; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=EOe9prcn; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::139; helo=mail-lf1-x139.google.com; envelope-from=swupdate+bncbdy5juxlviebbh6pyoyqmgqei35jmia@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lf1-x139.google.com (mail-lf1-x139.google.com [IPv6:2a00:1450:4864:20::139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VTKdc5XbRz20fY for ; Tue, 30 Apr 2024 22:44:19 +1000 (AEST) Received: by mail-lf1-x139.google.com with SMTP id 2adb3069b0e04-516c8697daasf4373588e87.2 for ; Tue, 30 Apr 2024 05:44:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714481056; cv=pass; d=google.com; s=arc-20160816; b=re+E8kl+35KbGP8QKCRjVFDNYwS1iwQKNfx7awYITt5gVptKRPpn3tpVNtWRPOoSE9 N4PPlwLnfQ7Rhbpiqy78P3y0mZfioxPSgXAzX/s/gMKKwR+FulNJ53oDZ011fIgKldns mXJVR4d9G5J+j0l2LWFWYOSdLxzBb2S5sdDueTgPbIDYVFvyki9aLyr0c87dH+Cub19V /5RgpI3PD+OhaCjigOVj14sqPp3jMw4NkomuxxmxzRTSrXpSVE9sAQTL/Dd39RL39HFQ M7gSs92xNcJt6ZKlY0YjTlnq6I6AJ/WGABX9YzAq7LLAHaOOsRtWU98F00ZzoxklTA1n zrvw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature:dkim-signature; bh=Lp+QRj9U/mOCQ+A5vvOiOSUG5g1nRdL5Dn431V2eqNw=; fh=6sbPPd7UgEDhblDxbKOXFlwloa+KBGFcz3+7At78oRc=; b=Xa/2I6c6/dc084XtiiIks7Do3L6/uFihGJ/bEpvoWdBiQc0CX3lZsPsU6cq9ho9LZW N3UeM+osS9n63ok1IxLWVywEMkHvdn/LNiD0LfWwZaQ+kiRP6akX6cR3Riu0bi9pKKeS B1H8b9mZvBpzkZlidEuxB6MrTJUOX5sdw1/lG3FGtYNQH26W+U6zEBrjUxvyTsSso7yL vVkwqMoN7pLLwFF45NUYLZdvpEskvl/FpprRvMv9TcoKtx8OmoFRF+wugViDDM+Ii8Z0 B3EpxFAQDHqYJA5hmBHAUaeluax8nm48h/8yu527ED34JiWsNquufjjubRyFOpuEQaWy dviA==; darn=patchwork.ozlabs.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Z8kXlxuc; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1714481056; x=1715085856; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :sender:from:to:cc:subject:date:message-id:reply-to; bh=Lp+QRj9U/mOCQ+A5vvOiOSUG5g1nRdL5Dn431V2eqNw=; b=kwjayMC8Xu+Zo+6a0hu89zSJVe5IbGiUrsZG0SEMBgRgvjST2pzQ6U20V4fos6rbO3 o4Szi1g9B8EOkNiQx2TX+DjFuJjV9oftMcpMmLc0yy84JDeYzWmcsGNmt/JdwINhv6Ux y+jvTSDkkPoouWnBJMjMk28JD9HBlckrAyzZU+XzPuemAfYtfgW4FfmkxL6wWSNCz8ny L/9MnMg18hp6XI6Aot+lIevZnwee1had7NEs/8t6bA0TDlCWkAAmsb6GSGrqc+tYYC+p sZ4v6b0aoH3mBJ6xGuxiHLduAl3Wb25qtO0SKh9gz1Mc/WwhC/0PlgmYhigRayEZRrxx kylg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714481056; x=1715085856; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :from:to:cc:subject:date:message-id:reply-to; bh=Lp+QRj9U/mOCQ+A5vvOiOSUG5g1nRdL5Dn431V2eqNw=; b=EOe9prcnCncxL8t9hn1NGb7jEd0Z+e2fnKhDzdQVBo1coJ1N8u4OrH0pL+8FuDweA6 Ctpag56XTBt6HRHPC/PvL590xINC3uv9i9O9DYlDvGMgcajtAZvVNBp4HpXqCKiivfCa CQSEd6jS4VCWkuqfLJQHxjAVMyHhDrHnITeKZYE/CStiUju6++Bh7amN3OUvjY4Wqgmk 30O4EtjEVH+A329KXnvQxhR4B9rSIX/HihhB7PJANgzvTpwW1MDMWHy22ZrfX49s1NXD wCN8pfwT8VImIogjHQRejNT3QTSAUqTxTdGx0LjoHz5e4G5xu3rn8v+Ecysb7WTWVS98 hUPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714481056; x=1715085856; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=Lp+QRj9U/mOCQ+A5vvOiOSUG5g1nRdL5Dn431V2eqNw=; b=oWHZHYENolZv5yKRXiWd0diZOWVyGXsPU2lF4tPpg9uAxwAWU3GuaiENYKAii4Gv1e k1ssqlwd1hiCzjT0UP3fWscPpvTfe4I/76ccU6Jc+78qctVKEGyqaxR4pJI7SQ+HtkgI gxBilyurHT66FAQuAkSPFJTl2HfpuFO/bIPK5FwcKco9PNriEuTgmb82dHerUDPX1+br K6eQmKStKc0And3WGmWfen3yDxquJBWXmg/MPsy4mTeQ1qG1Na/QKdzzhcqzgqfJImnn xnbzGgkLpXAR/fpFM26NaFvIY02CQSL5XjwnaSLxPdMnlWAhED055Saieh4u+q4wT5H1 Rbeg== Sender: swupdate@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUIqpChDfk5gOcb1c+2Uh0GYe75tR8j7lJmheZzV0F/pwBqxEp3/XWJsIceQDXPvy9oMB6FlrfjmDhnpyK2e0LY9u7BD/mw6Q37eUTXuQ== X-Gm-Message-State: AOJu0Yw8Mt+NGa9H/UF3JMcEP0qW+RT4vitm99vz8uYJkza8bgwYjGCj qKY8y0yFWw/UsCnI/aco1ZVAAhrjx3G9pQqKefkqmSLQ4jJqW+gv X-Google-Smtp-Source: AGHT+IHWhMClJDjpY4mjspobqaJ09P2KMyd/GFMaUq0W2y0SYw5BbaNbYJr0W03j+5j5ASCFaO1pOg== X-Received: by 2002:a05:6512:5c6:b0:515:beef:837f with SMTP id o6-20020a05651205c600b00515beef837fmr1810978lfo.29.1714481056072; Tue, 30 Apr 2024 05:44:16 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:6512:3ba0:b0:518:d08c:a411 with SMTP id 2adb3069b0e04-51c2fd03364ls788263e87.2.-pod-prod-03-eu; Tue, 30 Apr 2024 05:44:13 -0700 (PDT) X-Received: by 2002:a05:6512:3048:b0:51c:2070:c69d with SMTP id b8-20020a056512304800b0051c2070c69dmr2011611lfb.55.1714481053111; Tue, 30 Apr 2024 05:44:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714481053; cv=none; d=google.com; s=arc-20160816; b=X1dS6kxHxulVmB0LNzfuEJ25kUd9N7ebZaUn4nymo2INa86f7iIuU6p7kFX/81uzug ojLVD9IUUH6MR+c6YsyT6sTv/U4AmmxVdrtUYM14/fEhhV4Rs2DxIEsHnAdj5o6dPX/Q 4KsPmjAOWbNHV5UJ6adoV+cgwZODq5/i6lIvH3Mnm+cnxyHJ4/fOtrxfaE7OqRhFNor9 TJsn+SupqTdYenzNPEwc3zRlM2s1mHz1EtYUahkTk4RnfFRKU5sZ+O61AdMuQSoCwDLF hEMPLp5TMSEfcabqlAvS0ptrSU2uRZuODjrlBmE9cEiuZs185HIO5ol00Kb/RtHPAfuk 9pSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=9yjQBErl2ZhDxw0InSSuYbUb/GZBQeilgQCg8iGk4/k=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=vVGkvU6oFj58difpRw7ssn3mArCE9w4lXOu6kDjfgDzwECDPfKSho6prBYNWEDghuf IE/3gE7TPWsQzNKdGR158Ahpo+bVJgpnZ7YRioV5ahmcHHoIvH+gxVMNVav+HZpwNnsY eSliyvIc3zRKf2rqcff2LjTRzbepUypKMYxCRu6hz9ifxmKDousFqfNw1fG+nZwl5Rw5 HVw0tvz8CCD5tf4BHAX4IaLqCtmMOoraD+z5VpPRPmaf/rfc3Vj9eg984KrEsM3Ar5t1 02Vw5vmWda9qf//g+noxgJGj7zqaxJ7KYupPlAylGzCO3Y7WvvAzsTCa6TtNNaF9OW0d kcGw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Z8kXlxuc; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com. [2a00:1450:4864:20::12c]) by gmr-mx.google.com with ESMTPS id f13-20020a05651232cd00b0051d25e76034si103036lfg.3.2024.04.30.05.44.13 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 Apr 2024 05:44:13 -0700 (PDT) Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) client-ip=2a00:1450:4864:20::12c; Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-516d1ecaf25so7825383e87.2 for ; Tue, 30 Apr 2024 05:44:13 -0700 (PDT) X-Received: by 2002:a05:6512:3d21:b0:516:9f1a:929d with SMTP id d33-20020a0565123d2100b005169f1a929dmr2432297lfv.1.1714481051752; Tue, 30 Apr 2024 05:44:11 -0700 (PDT) Received: from localhost.localdomain ([2a02:8108:96c0:76fc::3f69]) by smtp.gmail.com with ESMTPSA id a101-20020a509eee000000b00572459a4ffesm5869281edf.56.2024.04.30.05.44.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Apr 2024 05:44:11 -0700 (PDT) From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [PATCH 1/3] stream_interface: Fix 16kB issue on save_stream Date: Tue, 30 Apr 2024 14:43:14 +0200 Message-ID: <20240430124316.1714467-1-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.44.0 MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Z8kXlxuc; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , The first two cpio blocks are alternately read into tmpfd. Previously it was assumed that both files fit into a 16 kB buffer. Signed-off-by: Michael Glembotzki Reviewed-by: Stefano Babic --- core/stream_interface.c | 72 +++++++++++++++++++++++------------------ include/util.h | 1 - 2 files changed, 41 insertions(+), 32 deletions(-) diff --git a/core/stream_interface.c b/core/stream_interface.c index 5ebaca68..5f3ad2e3 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -374,7 +374,6 @@ static int save_stream(int fdin, struct swupdate_cfg *software) { unsigned char *buf; int fdout = -1, ret, len; - const int bufsize = 16 * 1024; int tmpfd = -1; char tmpfilename[MAX_IMAGE_FNAME]; struct filehdr fdh; @@ -383,7 +382,11 @@ static int save_stream(int fdin, struct swupdate_cfg *software) char output_file[MAX_IMAGE_FNAME]; const char* TMPDIR = get_tmpdir(); bool encrypted_sw_desc = false; + int files = 1; +#ifdef CONFIG_SIGNED_IMAGES + files = 2; // sw-description and sw-description.sig +#endif #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION encrypted_sw_desc = true; #endif @@ -392,7 +395,7 @@ static int save_stream(int fdin, struct swupdate_cfg *software) snprintf(tmpfilename, sizeof(tmpfilename), "%s/%s", TMPDIR, SW_TMP_OUTPUT); - buf = (unsigned char *)malloc(bufsize); + buf = (unsigned char *)malloc(sizeof(struct new_ascii_header)); if (!buf) { ERROR("OOM when saving stream"); return -ENOMEM; @@ -410,39 +413,46 @@ static int save_stream(int fdin, struct swupdate_cfg *software) ret = -EFAULT; goto no_copy_output; } - len = read(fdin, buf, bufsize); - if (len < 0) { - ERROR("Reading from file failed, error %d", errno); - ret = -EFAULT; - goto no_copy_output; - } - if (get_cpiohdr(buf, &fdh) < 0) { - ERROR("CPIO Header corrupted, cannot be parsed"); - ret = -EINVAL; - goto no_copy_output; - } /* - * Make an estimation for sw-description and signature. - * Signature cannot be very big - if it is, it is an attack. - * So let a buffer just for the signature - tmpsize is enough for both - * sw-description and sw-description.sig, if any. + * Copy first two cpio blocks (sw-description and sw-description.sig) into tmpfd */ - tmpsize = SWUPDATE_ALIGN(fdh.size + fdh.namesize + sizeof(struct new_ascii_header) + bufsize - len, - bufsize); - ret = copy_write(&tmpfd, buf, len); /* copy the first buffer */ - if (ret < 0) { - ret = -EIO; - goto no_copy_output; - } + while (files-- > 0) { + len = fill_buffer(fdin, buf, sizeof(struct new_ascii_header)); + if (len < 0) { + ERROR("Reading from file failed, error %d", errno); + ret = -EFAULT; + goto no_copy_output; + } - /* - * copy enough bytes to have sw-description and sw-description.sig - */ - ret = cpfiles(fdin, tmpfd, tmpsize); - if (ret < 0) { - ret = -EIO; - goto no_copy_output; + if (get_cpiohdr(buf, &fdh) < 0) { + ERROR("CPIO Header corrupted, cannot be parsed"); + ret = -EINVAL; + goto no_copy_output; + } + + ret = copy_write(&tmpfd, buf, len); + if (ret < 0) { + ret = -EIO; + goto no_copy_output; + } + + /* + * calc remaining bytes of the cpio block + */ + tmpsize = sizeof(struct new_ascii_header) + fdh.namesize; + tmpsize += NPAD_BYTES(tmpsize) + fdh.size; + tmpsize += NPAD_BYTES(tmpsize); + tmpsize -= sizeof(struct new_ascii_header); + + /* + * copy the remaining bytes to have a complete cpio block + */ + ret = cpfiles(fdin, tmpfd, tmpsize); + if (ret < 0) { + ret = -EIO; + goto no_copy_output; + } } lseek(tmpfd, 0, SEEK_SET); offset = 0; diff --git a/include/util.h b/include/util.h index e1350633..77da1b17 100644 --- a/include/util.h +++ b/include/util.h @@ -33,7 +33,6 @@ #define AES_256_KEY_LEN 32 #define HWID_REGEXP_PREFIX "#RE:" -#define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1)) #define BOOTVAR_TRANSACTION "recovery_status"