diff options
author | juhosg <juhosg@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2011-12-05 14:52:33 +0000 |
---|---|---|
committer | juhosg <juhosg@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2011-12-05 14:52:33 +0000 |
commit | 35606f14a388aeb418787c3fb6d4e8b0f75afae2 (patch) | |
tree | 1200df199c248d42bf4160be52e118812a9d7658 /target/linux/ar71xx | |
parent | c07b7093434b8bcdb038f7c6056cb34f772990d7 (diff) |
ar71xx: check squashfs signature in TP-Link mtd parser
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29446 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/ar71xx')
-rw-r--r-- | target/linux/ar71xx/files/drivers/mtd/tplinkpart.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c index 7b2ac7e40..2cbad5ada 100644 --- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c +++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c @@ -10,6 +10,7 @@ #include <linux/kernel.h> #include <linux/slab.h> #include <linux/vmalloc.h> +#include <linux/magic.h> #include <linux/mtd/mtd.h> #include <linux/mtd/partitions.h> @@ -83,6 +84,26 @@ err: return NULL; } +static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset) +{ + u32 magic; + size_t retlen; + int ret; + + ret = mtd->read(mtd, offset, sizeof(magic), &retlen, + (unsigned char *) &magic); + if (ret) + return ret; + + if (retlen != sizeof(magic)) + return -EIO; + + if (le32_to_cpu(magic) != SQUASHFS_MAGIC) + return -EINVAL; + + return 0; +} + static int tplink_parse_partitions(struct mtd_info *master, struct mtd_partition **pparts, unsigned long origin) @@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master, size_t offset; size_t art_offset; size_t rootfs_offset; + size_t squashfs_offset; int ret; nr_parts = TPLINK_NUM_PARTS; @@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master, goto err_free_parts; } - rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + squashfs_offset = offset + sizeof(struct tplink_fw_header) + + be32_to_cpu(header->kernel_len); + + ret = tplink_check_squashfs_magic(master, squashfs_offset); + if (ret == 0) + rootfs_offset = squashfs_offset; + else + rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + art_offset = master->size - TPLINK_ART_LEN; parts[0].name = "u-boot"; |