From 35606f14a388aeb418787c3fb6d4e8b0f75afae2 Mon Sep 17 00:00:00 2001 From: juhosg Date: Mon, 5 Dec 2011 14:52:33 +0000 Subject: ar71xx: check squashfs signature in TP-Link mtd parser git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29446 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- target/linux/ar71xx/files/drivers/mtd/tplinkpart.c | 32 +++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'target/linux/ar71xx/files') diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c index 7b2ac7e40..2cbad5ada 100644 --- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c +++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -83,6 +84,26 @@ err: return NULL; } +static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset) +{ + u32 magic; + size_t retlen; + int ret; + + ret = mtd->read(mtd, offset, sizeof(magic), &retlen, + (unsigned char *) &magic); + if (ret) + return ret; + + if (retlen != sizeof(magic)) + return -EIO; + + if (le32_to_cpu(magic) != SQUASHFS_MAGIC) + return -EINVAL; + + return 0; +} + static int tplink_parse_partitions(struct mtd_info *master, struct mtd_partition **pparts, unsigned long origin) @@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master, size_t offset; size_t art_offset; size_t rootfs_offset; + size_t squashfs_offset; int ret; nr_parts = TPLINK_NUM_PARTS; @@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master, goto err_free_parts; } - rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + squashfs_offset = offset + sizeof(struct tplink_fw_header) + + be32_to_cpu(header->kernel_len); + + ret = tplink_check_squashfs_magic(master, squashfs_offset); + if (ret == 0) + rootfs_offset = squashfs_offset; + else + rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + art_offset = master->size - TPLINK_ART_LEN; parts[0].name = "u-boot"; -- cgit v1.2.3