diff options
author | Gabor Juhos <juhosg@openwrt.org> | 2011-12-05 14:52:33 +0000 |
---|---|---|
committer | Gabor Juhos <juhosg@openwrt.org> | 2011-12-05 14:52:33 +0000 |
commit | 3e7a6d182afe723381cbe047b1823912897ea6d0 (patch) | |
tree | 28e70818662b2b4bcdb3cf89a4328741bb8dae77 /target/linux | |
parent | 54c8d61b032fcd26a6a20a2a461673d357054d78 (diff) | |
download | upstream-3e7a6d182afe723381cbe047b1823912897ea6d0.tar.gz upstream-3e7a6d182afe723381cbe047b1823912897ea6d0.tar.bz2 upstream-3e7a6d182afe723381cbe047b1823912897ea6d0.zip |
ar71xx: check squashfs signature in TP-Link mtd parser
SVN-Revision: 29446
Diffstat (limited to 'target/linux')
-rw-r--r-- | target/linux/ar71xx/files/drivers/mtd/tplinkpart.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c index 7b2ac7e40d..2cbad5ada1 100644 --- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c +++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c @@ -10,6 +10,7 @@ #include <linux/kernel.h> #include <linux/slab.h> #include <linux/vmalloc.h> +#include <linux/magic.h> #include <linux/mtd/mtd.h> #include <linux/mtd/partitions.h> @@ -83,6 +84,26 @@ err: return NULL; } +static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset) +{ + u32 magic; + size_t retlen; + int ret; + + ret = mtd->read(mtd, offset, sizeof(magic), &retlen, + (unsigned char *) &magic); + if (ret) + return ret; + + if (retlen != sizeof(magic)) + return -EIO; + + if (le32_to_cpu(magic) != SQUASHFS_MAGIC) + return -EINVAL; + + return 0; +} + static int tplink_parse_partitions(struct mtd_info *master, struct mtd_partition **pparts, unsigned long origin) @@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master, size_t offset; size_t art_offset; size_t rootfs_offset; + size_t squashfs_offset; int ret; nr_parts = TPLINK_NUM_PARTS; @@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master, goto err_free_parts; } - rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + squashfs_offset = offset + sizeof(struct tplink_fw_header) + + be32_to_cpu(header->kernel_len); + + ret = tplink_check_squashfs_magic(master, squashfs_offset); + if (ret == 0) + rootfs_offset = squashfs_offset; + else + rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + art_offset = master->size - TPLINK_ART_LEN; parts[0].name = "u-boot"; |