[PATCH v2] kwboot: do a filetype check before sending the image

Sebastian Hesselbarth sebastian.hesselbarth at gmail.com
Wed Jan 20 03:54:47 PST 2016 

On 01/20/2016 09:15 AM, Uwe Kleine-König wrote:
> The images that can be sent to a Marvell CPU have a fixed format. Do
> some sanity checks before actually sending an image for easier diagnosis
> of broken files.
>
> Signed-off-by: Uwe Kleine-König <uwe at kleine-koenig.org>
> ---
> Changes since (implicit) v1, sent with
> Message-Id: 1453276010-4669-1-git-send-email-uwe at kleine-koenig.org:
>
>   - whitespace fix
>   - error out if a problem is detected
>   - add a commit log
>
>   scripts/kwboot.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 55 insertions(+)
>
> diff --git a/scripts/kwboot.c b/scripts/kwboot.c
> index 46328d8ed006..06e58f6a7e3b 100644
> --- a/scripts/kwboot.c
> +++ b/scripts/kwboot.c
> @@ -546,6 +546,59 @@ out:
>   	return rc;
>   }
>
> +static int
> +kwboot_check_image(unsigned char *img, size_t size)
> +{
> +	size_t i;
> +	size_t header_size, image_size;
> +	unsigned char csum = 0;
> +
> +	switch (img[0x0]) {
> +		case 0x5a: /* SPI/NOR */
> +		case 0x69: /* UART0 */
> +		case 0x78: /* SATA */
> +		case 0x8b: /* NAND */
> +		case 0x9c: /* PCIe */
> +			break;
> +		default:
> +			printf("Unknown boot source: 0x%hhx\n", img[0x0]);
> +			goto err;
> +	}
> +
> +	if (img[0x8] != 1) {
> +		printf("Unknown version: 0x%hhx\n", img[0x8]);
> +		goto err;
> +	}
> +
> +	image_size = img[0x4] | (img[0x5] << 8) |
> +		(img[0x6] << 16) | (img[0x7] << 24);
> +
> +	header_size = (img[0x9] << 16) | img[0xa] | (img[0xb] << 8);
> +
> +	if (header_size + image_size != size) {
> +		printf("Size mismatch (%zu + %zu != %zu)\n",
> +		       header_size, image_size, size);
> +		goto err;
> +	} else {
> +		for (i = 0; i < header_size; ++i)
> +			csum += img[i];
> +
> +		csum -= img[0x1f];
> +
> +		if (csum != img[0x1f]) {
> +			printf("Checksum mismatch: header: 0x%02hhx, calculated: 0x%02hhx\n",
> +			       img[0x1f], csum);
> +			goto err;
> +		}
> +	}
> +
> +	return 0;
> +
> +err:
> +	errno = EINVAL;
> +	return 1;
> +}
> +
>   static void *
>   kwboot_mmap_image(const char *path, size_t *size, int prot)
>   {
> @@ -574,6 +627,8 @@ kwboot_mmap_image(const char *path, size_t *size, int prot)
>
>   	rc = 0;
>   	*size = st.st_size;
> +
> +	rc = kwboot_check_image(img, *size);

Uwe,

while I like the check, a real "elite" hacking tool should always give
you the option to overrule any checks.

Mind to also add a "force" option to send the image regardless of the
outcome of kwboot_check_image?

Sebastian

>   out:
>   	if (rc && img) {
>   		munmap(img, st.st_size);
>

More information about the barebox mailing list