From e0c243c398a771df22fd3caf309b04eef3ba2683 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pali=20Roh=C3=A1r?= Date: Fri, 23 Jul 2021 11:14:03 +0200 Subject: [PATCH] tools: kwbimage: Validate data checksum of v1 images MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The data part of v1 images contains 32-bit checksum after the data. Validate whether this checksum is correct. Signed-off-by: Pali Rohár Reviewed-by: Marek Behún Reviewed-by: Stefan Roese Reviewed-by: Chris Packham Tested-by: Chris Packham --- tools/kwbimage.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 5d017dd5ac..edda0ce7aa 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1672,6 +1672,8 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, if (image_version((void *)ptr) == 1) { struct main_hdr_v1 *mhdr = (struct main_hdr_v1 *)ptr; + uint32_t offset; + uint32_t size; if (mhdr->ext & 0x1) { uint32_t ohdr_size; @@ -1697,6 +1699,47 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, ohdr_size); } } + + offset = le32_to_cpu(mhdr->srcaddr); + + /* + * For SATA srcaddr is specified in number of sectors. + * The main header is must be stored at sector number 1. + * This expects that sector size is 512 bytes and recalculates + * data offset to bytes relative to the main header. + */ + if (mhdr->blockid == IBR_HDR_SATA_ID) { + if (offset < 1) + return -FDT_ERR_BADSTRUCTURE; + offset -= 1; + offset *= 512; + } + + /* + * For SDIO srcaddr is specified in number of sectors. + * This expects that sector size is 512 bytes and recalculates + * data offset to bytes. + */ + if (mhdr->blockid == IBR_HDR_SDIO_ID) + offset *= 512; + + /* + * For PCIe srcaddr is always set to 0xFFFFFFFF. + * This expects that data starts after all headers. + */ + if (mhdr->blockid == IBR_HDR_PEX_ID && offset == 0xFFFFFFFF) + offset = header_size; + + if (offset > image_size || offset % 4 != 0) + return -FDT_ERR_BADSTRUCTURE; + + size = le32_to_cpu(mhdr->blocksize); + if (offset + size > image_size || size % 4 != 0) + return -FDT_ERR_BADSTRUCTURE; + + if (image_checksum32(ptr + offset, size - 4) != + *(uint32_t *)(ptr + offset + size - 4)) + return -FDT_ERR_BADSTRUCTURE; } return 0; -- 2.39.5