diff options
author | Gabor Juhos <juhosg@openwrt.org> | 2011-12-05 14:52:33 +0000 |
---|---|---|
committer | Gabor Juhos <juhosg@openwrt.org> | 2011-12-05 14:52:33 +0000 |
commit | bb48c3c03e1bb1796553840f5d0e2c70c0aba199 (patch) | |
tree | 1200df199c248d42bf4160be52e118812a9d7658 /target/linux/ar71xx/files/drivers/mtd | |
parent | ccf2049b105bb6051b6104fd1ed9d21d352a8b10 (diff) | |
download | upstream-bb48c3c03e1bb1796553840f5d0e2c70c0aba199.tar.gz upstream-bb48c3c03e1bb1796553840f5d0e2c70c0aba199.tar.bz2 upstream-bb48c3c03e1bb1796553840f5d0e2c70c0aba199.zip |
ar71xx: check squashfs signature in TP-Link mtd parser
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29446 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/ar71xx/files/drivers/mtd')
-rw-r--r-- | target/linux/ar71xx/files/drivers/mtd/tplinkpart.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c index 7b2ac7e40d..2cbad5ada1 100644 --- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c +++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c @@ -10,6 +10,7 @@ #include <linux/kernel.h> #include <linux/slab.h> #include <linux/vmalloc.h> +#include <linux/magic.h> #include <linux/mtd/mtd.h> #include <linux/mtd/partitions.h> @@ -83,6 +84,26 @@ err: return NULL; } +static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset) +{ + u32 magic; + size_t retlen; + int ret; + + ret = mtd->read(mtd, offset, sizeof(magic), &retlen, + (unsigned char *) &magic); + if (ret) + return ret; + + if (retlen != sizeof(magic)) + return -EIO; + + if (le32_to_cpu(magic) != SQUASHFS_MAGIC) + return -EINVAL; + + return 0; +} + static int tplink_parse_partitions(struct mtd_info *master, struct mtd_partition **pparts, unsigned long origin) @@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master, size_t offset; size_t art_offset; size_t rootfs_offset; + size_t squashfs_offset; int ret; nr_parts = TPLINK_NUM_PARTS; @@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master, goto err_free_parts; } - rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + squashfs_offset = offset + sizeof(struct tplink_fw_header) + + be32_to_cpu(header->kernel_len); + + ret = tplink_check_squashfs_magic(master, squashfs_offset); + if (ret == 0) + rootfs_offset = squashfs_offset; + else + rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + art_offset = master->size - TPLINK_ART_LEN; parts[0].name = "u-boot"; |