From patchwork Tue Sep 22 09:24:15 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Storm, Christian" <christian.storm@siemens.com>
X-Patchwork-Id: 1368861
Return-Path: <swupdate+bncBDD6BWV65QPBBLUFU75QKGQEOSWZJ2I@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2a00:1450:4864:20::23c; helo=mail-lj1-x23c.google.com;
 envelope-from=swupdate+bncbdd6bwv65qpbblufu75qkgqeoswzj2i@googlegroups.com;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=siemens.com
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20161025 header.b=PJYdacwc;
	dkim-atps=neutral
Received: from mail-lj1-x23c.google.com (mail-lj1-x23c.google.com
 [IPv6:2a00:1450:4864:20::23c])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BwbV05Q3gz9sPB
	for <incoming@patchwork.ozlabs.org>; Tue, 22 Sep 2020 19:24:03 +1000 (AEST)
Received: by mail-lj1-x23c.google.com with SMTP id p3sf4626630ljc.7
        for <incoming@patchwork.ozlabs.org>;
 Tue, 22 Sep 2020 02:24:03 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1600766639; cv=pass;
        d=google.com; s=arc-20160816;
        b=OcWFhs0BPggpQ9rJRk5wrnNOi2owozqH6D1nkT0LZlHRJ1m1e2zsjzBUaRfvXEhVnp
         TB3wO9Ztyan9nZ/Ta11JrfFyAIigizfA4BUwAkZf9niblJRuB8lH9zcJyKYig+ntTMB6
         /nNWaFY+pblxZKHgMt2fzsR6ww1/Kn1JA1RV+y9WIAXBUBC8LXUW2QgC6A9grKEdPNRS
         XPHbePoaCMdeAMUegkxHHxPNH/e6hW9NLY9GlbHZjN2rzeH0x5xSDcDPMf/N8XeD1ZNb
         vxlcACFfR/z7Gdpq0sIqUIrFHP2RALSXS7lWzuwViioswnU7IIxAS3ttAC8B9rKzdkQI
         EZpw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:message-id:date
         :subject:cc:to:from:sender:dkim-signature;
        bh=jC1tnyczkHNMaIY7ncZXyhPac7f1z4Urw9eX1VSxodU=;
        b=PCRH0htx2hP3KpFcog6B6b1UvqnpDB7MJVAsne/S1V1lI/SCCSJlQ0KS1Ra7vvupCq
         Y8akYAz+mBp2CGu8hlwPw6nTAiInAq+IEJAD2cX5Z/zCI38wcxljSAz6IGbLOjO/J2Rd
         3fj59R3shDLzO4pCCUOmFWpwV1bIKACIMEIIDGTaKuqBzjy2kxxLxnlCeEtfBaMqxBzz
         nuRaFH89INSvuW5YvTqG864+Yk8Z/ClfKD7IEEtJfvGIturDQ7eUUY0wMRcvYJIrdf7i
         axHeRToi0LzO32SKaGqdiEzXDTfCHqAvnv5+tJxKZfCkSvPFzrtiG3SlfB2/YN+aiD67
         3Evg==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       spf=pass (google.com: domain of christian.storm@siemens.com designates
 192.35.17.14 as permitted sender) smtp.mailfrom=christian.storm@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id:mime-version
         :x-original-sender:x-original-authentication-results:precedence
         :mailing-list:list-id:list-post:list-help:list-archive
         :list-subscribe:list-unsubscribe;
        bh=jC1tnyczkHNMaIY7ncZXyhPac7f1z4Urw9eX1VSxodU=;
        b=PJYdacwclFjGcc+rG5W/DJ6jxX7aJxVqAk+OErffe1hrRw8jhdhxrJUed/2NKC4fNR
         Ss9u5Pfc7nEoIcN8LqV1DrZt3LQZ5JmmL1rV2IitQmL/tzY23yTl8aRhxfjEPKPHOB3L
         6BEYSqbt0P74lN+Ju7807T5rvtCJz1KJM4gUGPqqNJVjOKfPSFuSqi6Zkkz0LW/5p2hU
         n0Mklc12VeUozqTvVFbRgbkTxxgjKmkPAGJO8l32IXhamr+PCMc7XSIeRYeLLWRr20I8
         JQ2fApZqUGBPayx7QOmGl0+JYwWkDgp6b8R+/hxrXwKw3/foTqbP7M0auDUt4TJCxdBN
         +7OA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=sender:x-gm-message-state:from:to:cc:subject:date:message-id
         :mime-version:x-original-sender:x-original-authentication-results
         :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
         :list-help:list-archive:list-subscribe:list-unsubscribe;
        bh=jC1tnyczkHNMaIY7ncZXyhPac7f1z4Urw9eX1VSxodU=;
        b=ZAhrcDFkeE/c6c+hDixF9rqOKzDA2aIND7SOZFCX1dwNvPgD2a8o5v49IVVFbkfA9X
         ER5/dozR737CvyhQbomvFq+Md5QHJ345pO5pC2KmPUSD2fa5y8Tcf+KzEtRWTL/cz6TF
         8hmlO7fJyE2oKEYeeDbr1HUEBUWh7Rwbh7YoAGde/tKlwbcqb+hH4+6wjylPPUmHmQ+x
         2bJMwDEpCmunSiSJu2Q/RxBu6tE7NjtwHRglJe5O1Rid5hFf/UHOIyOkDhEmIAyV9dHa
         biu/yTgmwZnkPjcYN4cQG6sWMduR8sD6onIHwX2IFQ5PvtCz/RiOBmjE8tHhNU+nzUoX
         FACQ==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AOAM530EFVgElkefttaVZm5STpOP2t6Bj21mGULW85MBOqcyESt+7lTQ
	GR6OHumJ1Kb7pQXKz5TnHAw=
X-Google-Smtp-Source: 
 ABdhPJzIJxJYSOcSbvzN9W/hv13+spmU3xRYmND1euPwP4AptL94evOl1CjJdNDJAiKPknYYfFGT+g==
X-Received: by 2002:a19:6b17:: with SMTP id d23mr1461110lfa.190.1600766639081;
        Tue, 22 Sep 2020 02:23:59 -0700 (PDT)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:ac2:5c44:: with SMTP id s4ls82046lfp.3.gmail; Tue, 22 Sep
 2020 02:23:57 -0700 (PDT)
X-Received: by 2002:a19:c355:: with SMTP id t82mr1439055lff.251.1600766637726;
        Tue, 22 Sep 2020 02:23:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600766637; cv=none;
        d=google.com; s=arc-20160816;
        b=F0XNFoBCptGCGMu/tm8Eu1amQimPyGCbvGV1qTJjVoVbNdwnBH9U1MXl6QDnbGaAqn
         8oADv2Vla0PhY4ft+zRtVxOYa5Vykjh3v9s/ZNZ+hnTVTMRf3foJICCmiOXpXmR7y3Hz
         gwvGdoczOXTtaxaGxf5FAtzxrcPOUlM2qatsHo+CAsdpPyJ4xriEhJVoar0Oqd2bqmDn
         jH2cp7WJoAp5x+FrsP9E23Pkb7OWRa0bVz/Wv1vUPdKumwoq5buBapBQy1ItURuZlfUU
         GPXz7e7tbcxiWQzF9d8pI4vLcJrKnv5Gok1LIik9bgPUO+kJCxKxjKh6XjihlPcT442P
         PIKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from;
        bh=/401V3hJy96v9eegIllj4DXB3i78USIz8B5eTfeezlg=;
        b=cMrn+kh3F8GGhImbec7ajFzFdFnI0wmJOmhk2s/LH7VnhC+rCi6cUfFcDhdh9v5KgJ
         xu7lXwHTJC3dr2fBgmc8iHWXt10BA+CC8E3zCeZmY9w8oCCvyhd+oB0sj7G7fa1clEmB
         /d3JfdyC4vuTwc8ZmxKNBaVG0o8TBYHyeCuSFkw3v10WNiADK82fAZlR0UQg7f1HnOyI
         Rt9JkcB9z4s3U9uHwYD8xl3fU5q7DKCqPNgbafid9AZBH+9IebbIrUGO4MmUlHwj6C7V
         1tSEnNJ1Awr7RJhyRZazC0xBJwVnm8fURMftBqeHRQHQ/qD3IPDTmcT0gJi1lsM1HeyS
         +uJQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of christian.storm@siemens.com designates
 192.35.17.14 as permitted sender) smtp.mailfrom=christian.storm@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from david.siemens.de (david.siemens.de. [192.35.17.14])
        by gmr-mx.google.com with ESMTPS id
 11si333145lfl.4.2020.09.22.02.23.57
        for <swupdate@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 22 Sep 2020 02:23:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of christian.storm@siemens.com
 designates 192.35.17.14 as permitted sender) client-ip=192.35.17.14;
Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11])
	by david.siemens.de (8.15.2/8.15.2) with ESMTPS id 08M9NuBI024175
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <swupdate@googlegroups.com>; Tue, 22 Sep 2020 11:23:57 +0200
Received: from MD1ZFJVC.ad001.siemens.net ([139.22.34.103])
	by mail2.siemens.de (8.15.2/8.15.2) with ESMTP id 08M9NtZB000930;
	Tue, 22 Sep 2020 11:23:56 +0200
From: Christian Storm <christian.storm@siemens.com>
To: swupdate@googlegroups.com
Cc: Christian Storm <christian.storm@siemens.com>
Subject: [swupdate] [PATCH] IPC: Add bounds check for SET_UPDATE_STATE IPC
 call
Date: Tue, 22 Sep 2020 11:24:15 +0200
Message-Id: <20200922092415.27770-1-christian.storm@siemens.com>
X-Mailer: git-send-email 2.28.0
MIME-Version: 1.0
X-Original-Sender: christian.storm@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       spf=pass
 (google.com: domain of christian.storm@siemens.com designates 192.35.17.14 as
 permitted sender) smtp.mailfrom=christian.storm@siemens.com;       dmarc=pass
 (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Add a check to assert that the SET_UPDATE_STATE IPC call
was issued with valid values from update_state_t.

Signed-off-by: Christian Storm <christian.storm@siemens.com>
Acked-by: Stefano Babic <sbabic@denx.de>
---
 core/network_thread.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/network_thread.c b/core/network_thread.c
index 7b2d796..57d65bb 100644
--- a/core/network_thread.c
+++ b/core/network_thread.c
@@ -408,8 +408,10 @@ void *network_thread (void *data)
 				break;
 			case SET_UPDATE_STATE:
 				value = *(update_state_t *)msg.data.msg;
-				ret = save_state((char *)STATE_KEY, value);
-				msg.type = (ret == 0) ? ACK : NACK;
+				msg.type = (is_valid_state(value) &&
+					    save_state((char *)STATE_KEY, value) == SERVER_OK)
+					       ? ACK
+					       : NACK;
 				break;
 			default:
 				msg.type = NACK;