diff options
| -rw-r--r-- | arch/arm/lib/bootm.c | 2 | ||||
| -rw-r--r-- | arch/arm/mach-imx/imx-bbu-internal.c | 4 | ||||
| -rw-r--r-- | commands/bootm.c | 2 | ||||
| -rw-r--r-- | common/filetype.c | 39 | ||||
| -rw-r--r-- | common/uimage.c | 2 | ||||
| -rw-r--r-- | include/filetype.h | 4 | ||||
| -rw-r--r-- | lib/gui/image_renderer.c | 6 | ||||
| -rw-r--r-- | lib/uncompress.c | 4 |
8 files changed, 40 insertions, 23 deletions
diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index 288c0b24a8..51ac9af605 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -143,7 +143,7 @@ static int do_bootz_linux_fdt(int fd, struct image_data *data) if (ret < sizeof(*header)) return ret; - if (file_detect_type(header) != filetype_oftree) + if (file_detect_type(header, sizeof(*header)) != filetype_oftree) return -ENXIO; end = be32_to_cpu(header->totalsize); diff --git a/arch/arm/mach-imx/imx-bbu-internal.c b/arch/arm/mach-imx/imx-bbu-internal.c index c34f86f33a..881c20ae9a 100644 --- a/arch/arm/mach-imx/imx-bbu-internal.c +++ b/arch/arm/mach-imx/imx-bbu-internal.c @@ -110,7 +110,7 @@ static int imx_bbu_internal_v1_update(struct bbu_handler *handler, struct bbu_da int ret, image_len; void *buf; - if (file_detect_type(data->image) != filetype_arm_barebox) { + if (file_detect_type(data->image, data->len) != filetype_arm_barebox) { if (!bbu_force(data, "Not an ARM barebox image")) return -EINVAL; } @@ -332,7 +332,7 @@ static int imx_bbu_internal_v2_update(struct bbu_handler *handler, struct bbu_da int ret, image_len; void *buf; - if (file_detect_type(data->image) != filetype_arm_barebox) { + if (file_detect_type(data->image, data->len) != filetype_arm_barebox) { if (!bbu_force(data, "Not an ARM barebox image")) return -EINVAL; } diff --git a/commands/bootm.c b/commands/bootm.c index 98d2e4faf6..483e6a1933 100644 --- a/commands/bootm.c +++ b/commands/bootm.c @@ -184,7 +184,7 @@ static int bootm_open_oftree(struct image_data *data, const char *oftree, int nu } } - ft = file_detect_type(fdt); + ft = file_detect_type(fdt, size); if (ft != filetype_oftree) { printf("%s is not an oftree but %s\n", oftree, file_type_to_string(ft)); diff --git a/common/filetype.c b/common/filetype.c index b8d54f7fe0..c1bd11db8c 100644 --- a/common/filetype.c +++ b/common/filetype.c @@ -105,19 +105,24 @@ enum filetype is_fat_or_mbr(const unsigned char *sector, unsigned long *bootsec) return filetype_mbr; } -enum filetype file_detect_type(void *_buf) +enum filetype file_detect_type(void *_buf, size_t bufsize) { u32 *buf = _buf; u64 *buf64 = _buf; u8 *buf8 = _buf; enum filetype type; + if (bufsize < 9) + return filetype_unknown; + if (strncmp(buf8, "#!/bin/sh", 9) == 0) return filetype_sh; - if (is_barebox_arm_head(_buf)) - return filetype_arm_barebox; - if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01) - return filetype_arm_zimage; + + if (bufsize < 32) + return filetype_unknown; + + if (strncmp(buf8, "BM", 2) == 0) + return filetype_bmp; if (buf8[0] == 0x89 && buf8[1] == 0x4c && buf8[2] == 0x5a && buf8[3] == 0x4f) return filetype_lzo_compressed; @@ -136,15 +141,25 @@ enum filetype file_detect_type(void *_buf) return filetype_oftree; if (strncmp(buf8, "ANDROID!", 8) == 0) return filetype_aimage; + if (buf64[0] == le64_to_cpu(0x0a1a0a0d474e5089ull)) + return filetype_png; if (strncmp(buf8 + 0x10, "barebox", 7) == 0) return filetype_mips_barebox; + + if (bufsize < 64) + return filetype_unknown; + + if (is_barebox_arm_head(_buf)) + return filetype_arm_barebox; + if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01) + return filetype_arm_zimage; + + if (bufsize < 512) + return filetype_unknown; + type = is_fat_or_mbr(buf8, NULL); if (type != filetype_unknown) return type; - if (strncmp(buf8, "BM", 2) == 0) - return filetype_bmp; - if (buf64[0] == le64_to_cpu(0x0a1a0a0d474e5089ull)) - return filetype_png; return filetype_unknown; } @@ -160,13 +175,13 @@ enum filetype file_name_detect_type(const char *filename) if (fd < 0) return fd; - buf = xzalloc(512); + buf = xzalloc(FILE_TYPE_SAFE_BUFSIZE); - ret = read(fd, buf, 512); + ret = read(fd, buf, FILE_TYPE_SAFE_BUFSIZE); if (ret < 0) goto err_out; - type = file_detect_type(buf); + type = file_detect_type(buf, ret); if (type == filetype_mbr) { /* diff --git a/common/uimage.c b/common/uimage.c index 3f5a3d5cd0..3bec6b39f8 100644 --- a/common/uimage.c +++ b/common/uimage.c @@ -516,7 +516,7 @@ void *uimage_load_to_buf(struct uimage_handle *handle, int image_no, if (ret < 0) return NULL; - ft = file_detect_type(ftbuf); + ft = file_detect_type(ftbuf, 128); if ((int)ft < 0) return NULL; diff --git a/include/filetype.h b/include/filetype.h index 0a722a0a54..5fac53153d 100644 --- a/include/filetype.h +++ b/include/filetype.h @@ -25,9 +25,11 @@ enum filetype { filetype_max, }; +#define FILE_TYPE_SAFE_BUFSIZE 2048 + const char *file_type_to_string(enum filetype f); const char *file_type_to_short_string(enum filetype f); -enum filetype file_detect_type(void *_buf); +enum filetype file_detect_type(void *_buf, size_t bufsize); enum filetype file_name_detect_type(const char *filename); enum filetype is_fat_or_mbr(const unsigned char *sector, unsigned long *bootsec); diff --git a/lib/gui/image_renderer.c b/lib/gui/image_renderer.c index 41dc43b3c7..78e5777cbd 100644 --- a/lib/gui/image_renderer.c +++ b/lib/gui/image_renderer.c @@ -13,10 +13,10 @@ static LIST_HEAD(image_renderers); -static struct image_renderer *get_renderer(void* buf) +static struct image_renderer *get_renderer(void* buf, size_t bufsize) { struct image_renderer *ir; - enum filetype type = file_detect_type(buf); + enum filetype type = file_detect_type(buf, bufsize); list_for_each_entry(ir, &image_renderers, list) { if (ir->type == type) @@ -40,7 +40,7 @@ struct image *image_renderer_open(const char* file) return ERR_PTR(-ENOMEM); } - ir = get_renderer(data); + ir = get_renderer(data, size); if (!ir) { ret = -ENOENT; goto out; diff --git a/lib/uncompress.c b/lib/uncompress.c index 8e4d3a1d91..e0a69df9f9 100644 --- a/lib/uncompress.c +++ b/lib/uncompress.c @@ -78,7 +78,7 @@ int uncompress(unsigned char *inbuf, int len, char *err; if (inbuf) { - ft = file_detect_type(inbuf); + ft = file_detect_type(inbuf, len); uncompress_buf = NULL; uncompress_size = 0; } else { @@ -93,7 +93,7 @@ int uncompress(unsigned char *inbuf, int len, if (ret < 0) goto err; - ft = file_detect_type(uncompress_buf); + ft = file_detect_type(uncompress_buf, 32); } switch (ft) { |