From patchwork Fri Feb 3 22:03:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sander Vanheule X-Patchwork-Id: 1737310 X-Patchwork-Delegate: sander@svanheule.net Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=46NoMmwP; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=svanheule.net header.i=@svanheule.net header.a=rsa-sha256 header.s=mail1707 header.b=FgmbdZBK; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4P7qY44TXPz23hn for ; Sat, 4 Feb 2023 09:08:24 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=OWb7DtMjPNJ6ovaNhVebZW05CTYPPyWkniGUwCCC/hY=; b=46NoMmwPsxmHVv 2pkFN5bEOxAGZ4xuwSFKm3zkq6McznwWcasAlYLF7Hi9SsSo18vCLl/FMhEIsHE0ngAJJDKf7SVPS N80lgbOfWg506w98feOoIiEK8iqgCgEf0vkCtoiwmR+AxH5m6vLcFdl+U+A4IAnGg0Y5VG7mpW4SK 9oYAuN/6ueCAb8RL6ITQ+BCMa4P+bd7S6KSKSjkmwHlPzn/IbUsYEAphPPuKEc0e3BFGyugpa2jXh m/HaXToQ7YIlWeHm2C4xnKJXMS9XTI+o4HHoAnXsjbxnHNhRfokl8xK7Y8oUR48+bdL9QIUuqOIo5 zqBVXoBknxW5MxMf92Wg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pO4C4-003jq0-W7; Fri, 03 Feb 2023 22:06:06 +0000 Received: from polaris.svanheule.net ([84.16.241.116]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pO4AD-003jC5-GT for openwrt-devel@lists.openwrt.org; Fri, 03 Feb 2023 22:04:11 +0000 Received: from terra.lan (cust-41-49-110-94.dyn.as47377.net [94.110.49.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: sander@svanheule.net) by polaris.svanheule.net (Postfix) with ESMTPSA id AF29E3775DD; Fri, 3 Feb 2023 23:03:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=svanheule.net; s=mail1707; t=1675461838; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=o4RVO53o5M05SxVpTjteJfF21zz5RBjHJQpizV7nrw0=; b=FgmbdZBK3tyY6QTwJSVsxfRgCXYKh4izv/oyiW5BuZirMNyazp2oGBSgbVWUmEwM9pGIVz 2CQYEhors7nvPLXXEhcQKAsy9F0r23K5qSuvAQK7lFxJZkozFZeKwq84wJsM9IvjxP+ddG o6lT7/EtRBU9NbSuyL+E983Hr1P5W2oPq5M+L4Wi6UpJY3aBiv6ttxcmxS7TVCHu8GEEWj hugp/VZy/v1lYSzgKkDNaUjvGSZvWQWCgoIEmBwnSg46mt4sCEjKHmt5l3NUQuXOQruWc5 IgKwZkEebGxU7Fzzx7BpMxSDn9tR9fR3UpWIhpyjBoAk340J9++h4bNPBHFZeA== From: Sander Vanheule To: openwrt-devel@lists.openwrt.org Cc: Sander Vanheule , =?utf-8?q?Andreas_B=C3=B6hler?= Subject: [PATCH firmware-utils v1 06/10] tplink-safeloader: ignore NULLs in version info Date: Fri, 3 Feb 2023 23:03:20 +0100 Message-Id: <27b94a44a7b079e68eed1792e44414f66f9c3dd8.1675461748.git.sander@svanheule.net> X-Mailer: git-send-email 2.39.0 In-Reply-To: References: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230203_140409_730347_0034E3B3 X-CRM114-Status: GOOD ( 11.68 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: When the soft-version partition contents are checked for a text-format version string, isascii() is used to check the contained bytes. This also returns true on control characters, which includes term [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org When the soft-version partition contents are checked for a text-format version string, isascii() is used to check the contained bytes. This also returns true on control characters, which includes terminating NULL characters. After checking if the data is a string, use the actual string length for printing the contained data to avoid outputting NULLs to stdout. Signed-off-by: Sander Vanheule --- src/tplink-safeloader.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c index 05b7ca17f786..51f6683c802a 100644 --- a/src/tplink-safeloader.c +++ b/src/tplink-safeloader.c @@ -3928,18 +3928,16 @@ static int firmware_info(const char *input) if (fread(buf, data_len, 1, fp) != 1) error(1, errno, "Can not read fwup-ptn data from the firmware"); - /* Check for string ignoring padding character */ - isstr = true; - for (i = 0; i < data_len - 1; i++) { - if (!isascii(buf[i])) { - isstr = false; - break; - } - } + /* Check for (null-terminated) string */ + ascii_len = 0; + while (ascii_len < data_len && isascii(buf[ascii_len])) + ascii_len++; + + isstr = ascii_len == data_len; printf("\n[Software version]\n"); if (isstr) { - fwrite(buf, data_len, 1, stdout); + fwrite(buf, strnlen(buf, data_len), 1, stdout); putchar('\n'); } else if (data_len >= offsetof(struct soft_version, rev)) { s = (struct soft_version *)buf;