base-files: verify nand sysupgrade images
authorRodrigo Balerdi <lanchon@gmail.com>
Wed, 4 May 2022 02:54:58 +0000 (23:54 -0300)
committerDaniel Golle <daniel@makrotopia.org>
Sun, 30 Oct 2022 14:29:56 +0000 (14:29 +0000)
For nand sysupgrade image files having tar/gzip/tgz envelopes, verify
envelope integrity before starting sysupgrade.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
package/base-files/files/lib/upgrade/nand.sh
package/base-files/files/lib/upgrade/stage2

index 496e5bf7fba7b7e7fc5e29c8e905bec2242d28be..d9cfeede9c98bb360f59cd543f98962245db2b60 100644 (file)
@@ -60,7 +60,7 @@ nand_get_magic_long() {
 }
 
 get_magic_long_tar() {
-       (tar x${3}f "$1" "$2" -O | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
+       (tar xO${3}f "$1" "$2" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
 }
 
 identify_magic() {
@@ -172,7 +172,7 @@ nand_detach_ubi() {
 nand_upgrade_prepare_ubi() {
        local rootfs_length="$1"
        local rootfs_type="$2"
-       local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2>/dev/null)"
+       local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2> /dev/null)"
        [ -n "$rootfs_data_max" ] && rootfs_data_max=$((rootfs_data_max))
 
        local kernel_length="$3"
@@ -313,10 +313,10 @@ nand_upgrade_tar() {
        local kernel_mtd kernel_length
        if [ "$CI_KERNPART" != "none" ]; then
                kernel_mtd="$(find_mtd_index "$CI_KERNPART")"
-               kernel_length=$( (tar x${gz}f "$tar_file" "$board_dir/kernel" -O | wc -c) 2> /dev/null)
+               kernel_length=$( (tar xO${gz}f "$tar_file" "$board_dir/kernel" | wc -c) 2> /dev/null)
                [ "$kernel_length" = 0 ] && kernel_length=
        fi
-       local rootfs_length=$( (tar x${gz}f "$tar_file" "$board_dir/root" -O | wc -c) 2> /dev/null)
+       local rootfs_length=$( (tar xO${gz}f "$tar_file" "$board_dir/root" | wc -c) 2> /dev/null)
        [ "$rootfs_length" = 0 ] && rootfs_length=
        local rootfs_type
        [ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$board_dir/root" "$gz")"
@@ -327,7 +327,7 @@ nand_upgrade_tar() {
                        # On some devices, the raw kernel and ubi partitions overlap.
                        # These devices brick if the kernel partition is erased.
                        # Hence only invalidate kernel for now.
-                       dd if=/dev/zero bs=4096 count=1 2>/dev/null | \
+                       dd if=/dev/zero bs=4096 count=1 2> /dev/null | \
                                mtd write - "$CI_KERNPART"
                else
                        ubi_kernel_length="$kernel_length"
@@ -339,16 +339,16 @@ nand_upgrade_tar() {
        local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
        if [ "$rootfs_length" ]; then
                local root_ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
-               tar x${gz}f "$tar_file" "$board_dir/root" -O | \
+               tar xO${gz}f "$tar_file" "$board_dir/root" | \
                        ubiupdatevol /dev/$root_ubivol -s "$rootfs_length" -
        fi
        if [ "$kernel_length" ]; then
                if [ "$kernel_mtd" ]; then
-                       tar x${gz}f "$tar_file" "$board_dir/kernel" -O | \
+                       tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
                                mtd write - "$CI_KERNPART"
                else
                        local kern_ubivol="$( nand_find_volume $ubidev "$CI_KERNPART" )"
-                       tar x${gz}f "$tar_file" "$board_dir/kernel" -O | \
+                       tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
                                ubiupdatevol /dev/$kern_ubivol -s "$kernel_length" -
                fi
        fi
@@ -356,21 +356,55 @@ nand_upgrade_tar() {
        return 0
 }
 
+nand_verify_if_gzip_file() {
+       local file="$1"
+       local gz="$2"
+
+       if [ "$gz" = z ]; then
+               echo "verifying compressed sysupgrade file integrity"
+               if ! gzip -t "$file"; then
+                       echo "corrupted compressed sysupgrade file"
+                       return 1
+               fi
+       fi
+}
+
+nand_verify_tar_file() {
+       local file="$1"
+       local gz="$2"
+
+       echo "verifying sysupgrade tar file integrity"
+       if ! tar xO${gz}f "$file" > /dev/null; then
+               echo "corrupted sysupgrade tar file"
+               return 1
+       fi
+}
+
 nand_do_flash_file() {
        local file="$1"
 
        local gz="$(identify_if_gzip "$file")"
        local file_type="$(identify "$file" "" "$gz")"
 
-       [ "$gz" = z ] && echo "detected compressed firmware file"
-
        [ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART=rootfs
 
        case "$file_type" in
-               "fit")          nand_upgrade_fit "$file" "$gz";;
-               "ubi")          nand_upgrade_ubinized "$file" "$gz";;
-               "ubifs")        nand_upgrade_ubifs "$file" "$gz";;
-               *)              nand_upgrade_tar "$file" "$gz";;
+               "fit")
+                       nand_verify_if_gzip_file "$file" "$gz" || return 1
+                       nand_upgrade_fit "$file" "$gz"
+                       ;;
+               "ubi")
+                       nand_verify_if_gzip_file "$file" "$gz" || return 1
+                       nand_upgrade_ubinized "$file" "$gz"
+                       ;;
+               "ubifs")
+                       nand_verify_if_gzip_file "$file" "$gz" || return 1
+                       nand_upgrade_ubifs "$file" "$gz"
+                       ;;
+               *)
+                       nand_verify_tar_file "$file" "$gz" || return 1
+                       nand_upgrade_tar "$file" "$gz"
+                       ;;
        esac
 }
 
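Review bot: nand_verify_if_gzip_file and nand_verify_tar_file have no header comment stating what a passing result means, and the word "integrity" in their messages is easy to over-read. `gzip -t "$file"` only validates the gzip stream and its checksum, and `tar xO${gz}f "$file" > /dev/null` only shows the archive can be read through to the end. Both catch truncation or transfer damage, but neither says anything about the origin of the image. I would add a comment above each function along the lines of `# Envelope integrity only (truncated/corrupted file); this is not an authenticity check.` If image signature validation exists as a separate step (not visible in this diff), the comment could point to it.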
@@ -415,12 +449,16 @@ nand_do_platform_check() {
 
        local gz="$(identify_if_gzip "$file")"
        local file_type="$(identify "$file" "" "$gz")"
+       local control_length=$( (tar xO${gz}f "$file" "sysupgrade-$board_name/CONTROL" | wc -c) 2> /dev/null)
 
-       local control_length=$( (tar x${gz}f "$file" "sysupgrade-$board_name/CONTROL" -O | wc -c) 2> /dev/null)
-
-       if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" -a "$control_length" = 0 ]; then
-               echo "invalid sysupgrade file"
-               return 1
+       if [ "$control_length" != 0 ]; then
+               nand_verify_tar_file "$file" "$gz" || return 1
+       else
+               nand_verify_if_gzip_file "$file" "$gz" || return 1
+               if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]; then
+                       echo "invalid sysupgrade file"
+                       return 1
+               fi
        fi
 
        return 0
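Review bot: The added test `[ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]` still chains conditions with `-a` inside `[`, which POSIX marks obsolescent and which can parse ambiguously depending on operand values. Since nand_do_flash_file already dispatches on `$file_type` with `case`, the same form would read better here: `case "$file_type" in fit|ubi|ubifs) ;; *) echo "invalid sysupgrade file"; return 1 ;; esac`. A short comment on the `control_length` branch would also help, for example `# non-empty CONTROL member => tar envelope; otherwise expect a raw fit/ubi/ubifs image`. nand_do_platform_check begins above this hunk, so the origin of `$file` and `$board_name` is not visible here.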
index 97e0b881e9a0b5cc43db2f1184be373be63bfc7d..6314d4064671ba3e88eaef4576b7c188851e740a 100755 (executable)
@@ -39,7 +39,7 @@ switch_to_ramfs() {
        for binary in \
                /bin/busybox /bin/ash /bin/sh /bin/mount /bin/umount    \
                pivot_root mount_root reboot sync kill sleep            \
-               md5sum hexdump cat zcat dd tar                          \
+               md5sum hexdump cat zcat dd tar gzip                     \
                ls basename find cp mv rm mkdir rmdir mknod touch chmod \
                '[' printf wc grep awk sed cut sort                     \
                mtd partx losetup mkfs.ext4 nandwrite flash_erase       \
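Review bot: Adding `gzip` to this list does not by itself guarantee the binary exists in the ramfs, and nand_verify_if_gzip_file in nand.sh treats any non-zero status from `gzip -t` as corruption. The loop body is outside this hunk, but if it silently skips names it cannot resolve, a build without a gzip applet would fail every compressed upgrade with "corrupted compressed sysupgrade file". A guard in the verifier would separate the two cases, for example `command -v gzip > /dev/null || { echo "gzip not available"; return 1; }`. Alternatively, `zcat "$file" > /dev/null` would give the same check using a tool that is already on this list.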