[openwrt/openwrt] ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offset

Tue Apr 10 09:59:19 PDT 2018

neoraider pushed a commit to openwrt/openwrt.git, branch lede-17.01:
https://git.lede-project.org/6577fe2198f5c75acb1dba789941d96a036f4dae

commit 6577fe2198f5c75acb1dba789941d96a036f4dae
Author: Matthias Schiffer <mschiffer at universe-factory.net>
AuthorDate: Tue Apr 10 18:06:20 2018 +0200

    ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offset
    
    Previously, tplink_pharos_check_image() would accept any image with ELF
    magic and only non-printable data in the support-list, as in this case the
    while-read loop would not run at all. Add the new support-list offset and
    ensure an image is only accepted when the model string is actually found.
    
    Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>
---
 .../ar71xx/base-files/lib/upgrade/platform.sh      | 32 ++++++++++++++--------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
index 21ad2a6..d2dc881 100755
--- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
+++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
@@ -93,6 +93,22 @@ tplink_get_image_boot_size() {
 	get_image "$@" | dd bs=4 count=1 skip=37 2>/dev/null | hexdump -v -n 4 -e '1/1 "%02x"'
 }
 
+tplink_pharos_check_support_list() {
+	local image="$1"
+	local offset="$2"
+	local model="$3"
+
+	# Here $image is given to dd directly instead of using get_image;
+	# otherwise the skip will take almost a second (as dd can't seek)
+	dd if="$image" bs=1 skip=$offset count=1024 2>/dev/null | (
+		while IFS= read -r line; do
+			[ "$line" = "$model" ] && exit 0
+		done
+
+		exit 1
+	)
+}
+
 tplink_pharos_check_image() {
 	local magic_long="$(get_magic_long "$1")"
 	[ "$magic_long" != "7f454c46" ] && {
@@ -101,18 +117,10 @@ tplink_pharos_check_image() {
 	}
 
 	local model_string="$(tplink_pharos_get_model_string)"
-	local line
-
-	# Here $1 is given to dd directly instead of get_image as otherwise the skip
-	# will take almost a second (as dd can't seek then)
-	#
-	# This will fail if the image isn't local, but that's fine: as the
-	# read loop won't be executed at all, it will return true, so the image
-	# is accepted (loading the first 1.5M of a remote image for this check seems
-	# a bit extreme)
-	dd if="$1" bs=1 skip=1511432 count=1024 2>/dev/null | while read line; do
-		[ "$line" = "$model_string" ] && break
-	done || {
+
+	# New images have the support list at 7802888, old ones at 1511432
+	tplink_pharos_check_support_list "$1" 7802888 "$model_string" || \
+	tplink_pharos_check_support_list "$1" 1511432 "$model_string" || {
 		echo "Unsupported image (model not in support-list)"
 		return 1
 	}

