From 3e7a6d182afe723381cbe047b1823912897ea6d0 Mon Sep 17 00:00:00 2001 From: Gabor Juhos Date: Mon, 5 Dec 2011 14:52:33 +0000 Subject: [PATCH] ar71xx: check squashfs signature in TP-Link mtd parser SVN-Revision: 29446 --- .../ar71xx/files/drivers/mtd/tplinkpart.c | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c index 7b2ac7e40d..2cbad5ada1 100644 --- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c +++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -83,6 +84,26 @@ err: return NULL; } +static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset) +{ + u32 magic; + size_t retlen; + int ret; + + ret = mtd->read(mtd, offset, sizeof(magic), &retlen, + (unsigned char *) &magic); + if (ret) + return ret; + + if (retlen != sizeof(magic)) + return -EIO; + + if (le32_to_cpu(magic) != SQUASHFS_MAGIC) + return -EINVAL; + + return 0; +} + static int tplink_parse_partitions(struct mtd_info *master, struct mtd_partition **pparts, unsigned long origin) @@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master, size_t offset; size_t art_offset; size_t rootfs_offset; + size_t squashfs_offset; int ret; nr_parts = TPLINK_NUM_PARTS; @@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master, goto err_free_parts; } - rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + squashfs_offset = offset + sizeof(struct tplink_fw_header) + + be32_to_cpu(header->kernel_len); + + ret = tplink_check_squashfs_magic(master, squashfs_offset); + if (ret == 0) + rootfs_offset = squashfs_offset; + else + rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs); + art_offset = master->size - TPLINK_ART_LEN; parts[0].name = "u-boot"; -- 2.30.2