author | Vadim Bendebury <vbendeb@google.com> | 2023-03-07 13:49:03 -0800 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-04-27 21:39:39 +0000 |
commit | fb945997bb54c22ce398a0b41e22c11b5bbe55da (patch) | |
tree | 40f088fa2932b7ff8df2557473f8ca9f197e6c75 | |
parent | 47127cfc67bd67e700dc205d50d56cdb082fc491 (diff) | |
download | chrome-ec-fb945997bb54c22ce398a0b41e22c11b5bbe55da.tar.gz |
gsctool: reject images smaller than flash page size
It is impractical to use GSC images smaller than one flash page size,
let's not accept them for downloading.
BUG=b:272058012
TEST=get the following error trying to transfer a corrupted image:
Image at offset 0x4000 too short (1024 bytes)
Change-Id: Ia80e8ceaf6a5848e194000acf51824189f157ba1
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4317923
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 05fe566a90aebad49fe22ef5fb43f6f51be345c9)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4481588
Tested-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
-rw-r--r-- | extra/usb_updater/gsctool.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c index f2b257eef8..4584c2bb82 100644 --- a/extra/usb_updater/gsctool.c +++ b/extra/usb_updater/gsctool.c @@ -1161,6 +1161,9 @@ static bool valid_header(const struct SignedHeader *const h, const size_t size) if (h->image_size > size) return false; + if (h->image_size < CONFIG_FLASH_BANK_SIZE) + return false; + /* Only H1 and D2 are currently supported. */ if (h->magic != MAGIC_HAVEN && h->magic != MAGIC_DAUNTLESS) return false; @@ -1286,9 +1289,9 @@ static bool locate_headers(const void *image, const uint32_t size) /* * Scan the new image and retrieve versions of all four sections, two RO and - * two RW. + * two RW, verifying that image size is not too short along the way. */ -static void fetch_header_versions(const void *image) +static bool fetch_header_versions(const void *image) { size_t i; @@ -1297,11 +1300,20 @@ static void fetch_header_versions(const void *image) h = (const struct SignedHeader *)((uintptr_t)image + sections[i].offset); + + if (h->image_size < CONFIG_FLASH_BANK_SIZE) { + fprintf(stderr, + "Image at offset %#5x too short (%d bytes)\n", + sections[i].offset, + h->image_size); + return false; + } sections[i].shv.epoch = h->epoch_; sections[i].shv.major = h->major_; sections[i].shv.minor = h->minor_; sections[i].keyid = h->keyid; } + return true; } @@ -4282,7 +4294,8 @@ int main(int argc, char *argv[]) if (!locate_headers(data, data_len)) exit(update_error); - fetch_header_versions(data); + if (!fetch_header_versions(data)) + exit(update_error); if (binary_vers) exit(show_headers_versions(data, show_machine_output)); |
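Review bot: The new lower-bound test in valid_header carries no comment, unlike the magic check directly below it, and the commit message speaks of "flash page size" while the code compares against `CONFIG_FLASH_BANK_SIZE`. A short comment above the `if` would tie the two together, for example `/* Images smaller than one flash bank are impractical, reject them. */`. valid_header starts and continues outside this hunk, so whether `size` is compared with `sizeof(struct SignedHeader)` before `h->image_size` is read cannot be confirmed from here.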
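Review bot: The reworded comment above fetch_header_versions does not say what the new `bool` return value means or what state is left behind when it fails. I would extend it with `Returns false, after printing an error, if any section's image_size is below CONFIG_FLASH_BANK_SIZE.` and a remark that entries of `sections[]` before the failing one have already been filled in. The only caller visible in this diff exits on failure, so the partial update is harmless today, but the comment is where a later caller would look. The loop header sits between this hunk and the next and is not shown.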
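Review bot: The added `fprintf` in fetch_header_versions prints `h->image_size` with `%d`, which is a signed/unsigned mismatch if that field is an unsigned 32-bit value (its declaration is not in this diff, so please confirm). In that case the format should read `"Image at offset %#5x too short (%u bytes)\n"`, and `%#5x` deserves the same check against the type of `sections[i].offset`. Separately, the function takes no buffer length, so the new read of `h->image_size` at `image + sections[i].offset` relies on locate_headers having bounded every offset against the file size beforehand. A one-line comment such as `/* Offsets were bounds-checked by locate_headers(). */` would make that precondition explicit, assuming it holds.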