From 61a3b8d663f54c3553f61a8b157f89b6bb17ed48 Mon Sep 17 00:00:00 2001 From: Cheng-Han Yang Date: Mon, 27 Aug 2018 16:56:28 +0800 Subject: gsctool: Reject empty authorization code Passing empty auth code causes cr50 to generate challenge instead of verifying the auth code. Change to return an error when the auth code is empty. BUG=b:112881027 TEST=make gsctool; manually test on DUT BRANCH=none [Before fix] localhost $ gsctool -a -r Challenge: <80 characters challenge string> (Wait for 10 seconds) localhost $ gsctool -a -r "" Processing response...RMA unlock succeeded. [After fix] localhost $ gsctool -a -r Challenge: <80 characters challenge string> (Wait for 10 seconds) localhost $ gsctool -a -r "" Empty response. Change-Id: Ifc2760176ff620dd45c5d62ced117c808ce1f111 Signed-off-by: Cheng-Han Yang Reviewed-on: https://chromium-review.googlesource.com/1192822 Commit-Ready: Cheng-Han Yang Tested-by: Cheng-Han Yang Reviewed-by: Vadim Bendebury --- extra/usb_updater/gsctool.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c index a8fa5102c9..32e570f7d4 100644 --- a/extra/usb_updater/gsctool.c +++ b/extra/usb_updater/gsctool.c @@ -1906,6 +1906,12 @@ static void process_rma(struct transfer_descriptor *td, const char *authcode) return; } + if (!*authcode) { + printf("Empty response.\n"); + exit(update_error); + return; + } + if (!strcmp(authcode, "disable")) { printf("Invalid arg. Try using 'gsctool -F disable'\n"); exit(update_error); -- cgit v1.2.1