* [PATCH u-boot 1/2] tools: default_image: Verify header size
@ 2023-01-29 16:44 Pali Rohár
2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Pali Rohár @ 2023-01-29 16:44 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot
Before reading image header, verify that image size is at least size of
the image header.
Signed-off-by: Pali Rohár <pali@kernel.org>
---
tools/default_image.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/default_image.c b/tools/default_image.c
index 4a067e65862e..4aa9a33241cb 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -49,6 +49,12 @@ static int image_verify_header(unsigned char *ptr, int image_size,
struct legacy_img_hdr header;
struct legacy_img_hdr *hdr = &header;
+ if (image_size < sizeof(struct legacy_img_hdr)) {
+ debug("%s: Bad image size: \"%s\" is no valid image\n",
+ params->cmdname, params->imagefile);
+ return -FDT_ERR_BADSTRUCTURE;
+ }
+
/*
* create copy of header so that we can blank out the
* checksum field for checking - this can't be done
--
2.20.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-01-29 16:44 [PATCH u-boot 1/2] tools: default_image: Verify header size Pali Rohár @ 2023-01-29 16:44 ` Pali Rohár 2023-01-30 15:50 ` Simon Glass 2023-02-06 19:43 ` Tom Rini 2023-01-30 15:50 ` [PATCH u-boot 1/2] tools: default_image: Verify header size Simon Glass 2023-02-07 16:52 ` Tom Rini 2 siblings, 2 replies; 9+ messages in thread From: Pali Rohár @ 2023-01-29 16:44 UTC (permalink / raw) To: Simon Glass; +Cc: u-boot If image file is stored on flash partition then it contains padding, which is not part of the image itself. Image data size is stored in the image header. So use image size from the header instead of expecting that total image file size is size of the header plus size of the image data. This allows dumpimage to parse image files with padding (e.g. dumped from flash partition). Signed-off-by: Pali Rohár <pali@kernel.org> --- tools/default_image.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/default_image.c b/tools/default_image.c index 4aa9a33241cb..0996e1dfe9c8 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -81,7 +81,13 @@ static int image_verify_header(unsigned char *ptr, int image_size, } data = (const unsigned char *)ptr + sizeof(struct legacy_img_hdr); - len = image_size - sizeof(struct legacy_img_hdr); + len = image_get_data_size(hdr); + + if (image_size - sizeof(struct legacy_img_hdr) < len) { + debug("%s: Bad image size: \"%s\" is no valid image\n", + params->cmdname, params->imagefile); + return -FDT_ERR_BADSTRUCTURE; + } checksum = be32_to_cpu(hdr->ih_dcrc); if (crc32(0, data, len) != checksum) { -- 2.20.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár @ 2023-01-30 15:50 ` Simon Glass 2023-02-06 19:43 ` Tom Rini 1 sibling, 0 replies; 9+ messages in thread From: Simon Glass @ 2023-01-30 15:50 UTC (permalink / raw) To: Pali Rohár; +Cc: u-boot On Sun, 29 Jan 2023 at 09:44, Pali Rohár <pali@kernel.org> wrote: > > If image file is stored on flash partition then it contains padding, which > is not part of the image itself. Image data size is stored in the image > header. So use image size from the header instead of expecting that total > image file size is size of the header plus size of the image data. This > allows dumpimage to parse image files with padding (e.g. dumped from flash > partition). > > Signed-off-by: Pali Rohár <pali@kernel.org> > --- > tools/default_image.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) Reviewed-by: Simon Glass <sjg@chromium.org> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár 2023-01-30 15:50 ` Simon Glass @ 2023-02-06 19:43 ` Tom Rini 2023-02-06 21:47 ` Pali Rohár 2023-02-06 22:00 ` Simon Glass 1 sibling, 2 replies; 9+ messages in thread From: Tom Rini @ 2023-02-06 19:43 UTC (permalink / raw) To: Pali Rohár, Matthias Winker, Philip Oberfichtner, Jagan Teki, Raffaele RECALCATI, Simone CIANNI Cc: Simon Glass, u-boot [-- Attachment #1: Type: text/plain, Size: 695 bytes --] On Sun, Jan 29, 2023 at 05:44:11PM +0100, Pali Rohár wrote: > If image file is stored on flash partition then it contains padding, which > is not part of the image itself. Image data size is stored in the image > header. So use image size from the header instead of expecting that total > image file size is size of the header plus size of the image data. This > allows dumpimage to parse image files with padding (e.g. dumped from flash > partition). > > Signed-off-by: Pali Rohár <pali@kernel.org> > Reviewed-by: Simon Glass <sjg@chromium.org> This breaks imx6q_bosch_acc imx6dl_mamoj as: ./tools/mkimage: Failed to verify header of u-boot-ivt.img now happens. -- Tom [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-02-06 19:43 ` Tom Rini @ 2023-02-06 21:47 ` Pali Rohár 2023-02-07 16:53 ` Tom Rini 2023-02-06 22:00 ` Simon Glass 1 sibling, 1 reply; 9+ messages in thread From: Pali Rohár @ 2023-02-06 21:47 UTC (permalink / raw) To: Tom Rini Cc: Matthias Winker, Philip Oberfichtner, Jagan Teki, Raffaele RECALCATI, Simone CIANNI, Simon Glass, u-boot On Monday 06 February 2023 14:43:07 Tom Rini wrote: > On Sun, Jan 29, 2023 at 05:44:11PM +0100, Pali Rohár wrote: > > > If image file is stored on flash partition then it contains padding, which > > is not part of the image itself. Image data size is stored in the image > > header. So use image size from the header instead of expecting that total > > image file size is size of the header plus size of the image data. This > > allows dumpimage to parse image files with padding (e.g. dumped from flash > > partition). > > > > Signed-off-by: Pali Rohár <pali@kernel.org> > > Reviewed-by: Simon Glass <sjg@chromium.org> > > This breaks imx6q_bosch_acc imx6dl_mamoj as: > ./tools/mkimage: Failed to verify header of u-boot-ivt.img > > now happens. Ah :-( That is because IH_TYPE_FIRMWARE_IVT support was hacked into default_image.c and its format is not compatible with other formats supported but default_image.c I tested following patch with imx6q_bosch_acc_defconfig and it worked: diff --git a/tools/default_image.c b/tools/default_image.c index 0996e1dfe9c8..e0e234a1e8f4 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -83,6 +83,10 @@ static int image_verify_header(unsigned char *ptr, int image_size, data = (const unsigned char *)ptr + sizeof(struct legacy_img_hdr); len = image_get_data_size(hdr); + if (image_get_type(hdr) == IH_TYPE_FIRMWARE_IVT) + /* Add size of CSF minus IVT */ + len -= 0x2060 - sizeof(flash_header_v2_t); + if (image_size - sizeof(struct legacy_img_hdr) < len) { debug("%s: Bad image size: \"%s\" is no valid image\n", params->cmdname, params->imagefile); That is why validation functions _must_ always be implemented. Feel free to amend this chunk into patch 2/2 and check if it works also for you. And looking at the image_extract_subimage() code in default_image.c and it is also broken for IH_TYPE_FIRMWARE_IVT. Well, I'm not going to fix image_extract_subimage() as it was broken before and nobody spotted it yet. ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-02-06 21:47 ` Pali Rohár @ 2023-02-07 16:53 ` Tom Rini 0 siblings, 0 replies; 9+ messages in thread From: Tom Rini @ 2023-02-07 16:53 UTC (permalink / raw) To: Pali Rohár Cc: Matthias Winker, Philip Oberfichtner, Jagan Teki, Raffaele RECALCATI, Simone CIANNI, Simon Glass, u-boot [-- Attachment #1: Type: text/plain, Size: 2308 bytes --] On Mon, Feb 06, 2023 at 10:47:43PM +0100, Pali Rohár wrote: > On Monday 06 February 2023 14:43:07 Tom Rini wrote: > > On Sun, Jan 29, 2023 at 05:44:11PM +0100, Pali Rohár wrote: > > > > > If image file is stored on flash partition then it contains padding, which > > > is not part of the image itself. Image data size is stored in the image > > > header. So use image size from the header instead of expecting that total > > > image file size is size of the header plus size of the image data. This > > > allows dumpimage to parse image files with padding (e.g. dumped from flash > > > partition). > > > > > > Signed-off-by: Pali Rohár <pali@kernel.org> > > > Reviewed-by: Simon Glass <sjg@chromium.org> > > > > This breaks imx6q_bosch_acc imx6dl_mamoj as: > > ./tools/mkimage: Failed to verify header of u-boot-ivt.img > > > > now happens. > > Ah :-( That is because IH_TYPE_FIRMWARE_IVT support was hacked into > default_image.c and its format is not compatible with other formats > supported but default_image.c > > I tested following patch with imx6q_bosch_acc_defconfig and it worked: > > diff --git a/tools/default_image.c b/tools/default_image.c > index 0996e1dfe9c8..e0e234a1e8f4 100644 > --- a/tools/default_image.c > +++ b/tools/default_image.c > @@ -83,6 +83,10 @@ static int image_verify_header(unsigned char *ptr, int image_size, > data = (const unsigned char *)ptr + sizeof(struct legacy_img_hdr); > len = image_get_data_size(hdr); > > + if (image_get_type(hdr) == IH_TYPE_FIRMWARE_IVT) > + /* Add size of CSF minus IVT */ > + len -= 0x2060 - sizeof(flash_header_v2_t); > + > if (image_size - sizeof(struct legacy_img_hdr) < len) { > debug("%s: Bad image size: \"%s\" is no valid image\n", > params->cmdname, params->imagefile); > > That is why validation functions _must_ always be implemented. > > Feel free to amend this chunk into patch 2/2 and check if it works also > for you. > > And looking at the image_extract_subimage() code in default_image.c and > it is also broken for IH_TYPE_FIRMWARE_IVT. Well, I'm not going to > fix image_extract_subimage() as it was broken before and nobody spotted > it yet. With this included now, the original patch is applied to u-boot/master now, thanks! -- Tom [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 2/2] tools: default_image: Accept images with padding 2023-02-06 19:43 ` Tom Rini 2023-02-06 21:47 ` Pali Rohár @ 2023-02-06 22:00 ` Simon Glass 1 sibling, 0 replies; 9+ messages in thread From: Simon Glass @ 2023-02-06 22:00 UTC (permalink / raw) To: Tom Rini Cc: Pali Rohár, Matthias Winker, Philip Oberfichtner, Jagan Teki, Raffaele RECALCATI, Simone CIANNI, u-boot Hi Tom, On Mon, 6 Feb 2023 at 12:43, Tom Rini <trini@konsulko.com> wrote: > > On Sun, Jan 29, 2023 at 05:44:11PM +0100, Pali Rohár wrote: > > > If image file is stored on flash partition then it contains padding, which > > is not part of the image itself. Image data size is stored in the image > > header. So use image size from the header instead of expecting that total > > image file size is size of the header plus size of the image data. This > > allows dumpimage to parse image files with padding (e.g. dumped from flash > > partition). > > > > Signed-off-by: Pali Rohár <pali@kernel.org> > > Reviewed-by: Simon Glass <sjg@chromium.org> > > This breaks imx6q_bosch_acc imx6dl_mamoj as: > ./tools/mkimage: Failed to verify header of u-boot-ivt.img > > now happens. I know these failures are a pain, but it is great to see the testing having such a big impact! - Simon ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 1/2] tools: default_image: Verify header size 2023-01-29 16:44 [PATCH u-boot 1/2] tools: default_image: Verify header size Pali Rohár 2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár @ 2023-01-30 15:50 ` Simon Glass 2023-02-07 16:52 ` Tom Rini 2 siblings, 0 replies; 9+ messages in thread From: Simon Glass @ 2023-01-30 15:50 UTC (permalink / raw) To: Pali Rohár; +Cc: u-boot On Sun, 29 Jan 2023 at 09:44, Pali Rohár <pali@kernel.org> wrote: > > Before reading image header, verify that image size is at least size of > the image header. > > Signed-off-by: Pali Rohár <pali@kernel.org> > --- > tools/default_image.c | 6 ++++++ > 1 file changed, 6 insertions(+) Reviewed-by: Simon Glass <sjg@chromium.org> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH u-boot 1/2] tools: default_image: Verify header size 2023-01-29 16:44 [PATCH u-boot 1/2] tools: default_image: Verify header size Pali Rohár 2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár 2023-01-30 15:50 ` [PATCH u-boot 1/2] tools: default_image: Verify header size Simon Glass @ 2023-02-07 16:52 ` Tom Rini 2 siblings, 0 replies; 9+ messages in thread From: Tom Rini @ 2023-02-07 16:52 UTC (permalink / raw) To: Pali Rohár; +Cc: Simon Glass, u-boot [-- Attachment #1: Type: text/plain, Size: 306 bytes --] On Sun, Jan 29, 2023 at 05:44:10PM +0100, Pali Rohár wrote: > Before reading image header, verify that image size is at least size of > the image header. > > Signed-off-by: Pali Rohár <pali@kernel.org> > Reviewed-by: Simon Glass <sjg@chromium.org> Applied to u-boot/master, thanks! -- Tom [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-02-07 16:58 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-01-29 16:44 [PATCH u-boot 1/2] tools: default_image: Verify header size Pali Rohár 2023-01-29 16:44 ` [PATCH u-boot 2/2] tools: default_image: Accept images with padding Pali Rohár 2023-01-30 15:50 ` Simon Glass 2023-02-06 19:43 ` Tom Rini 2023-02-06 21:47 ` Pali Rohár 2023-02-07 16:53 ` Tom Rini 2023-02-06 22:00 ` Simon Glass 2023-01-30 15:50 ` [PATCH u-boot 1/2] tools: default_image: Verify header size Simon Glass 2023-02-07 16:52 ` Tom Rini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox