From patchwork Wed Oct 25 13:17:14 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maksim Salau <msalau@iotecha.com>
X-Patchwork-Id: 830261
Return-Path: <swupdate+bncBDMOZ6UE7IBRBZ45YLHQKGQEGQCAKMQ@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=googlegroups.com
	(client-ip=2607:f8b0:400c:c08::23f;
	helo=mail-ua0-x23f.google.com;
	envelope-from=swupdate+bncbdmoz6ue7ibrbz45ylhqkgqegqcakmq@googlegroups.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=googlegroups.com header.i=@googlegroups.com
	header.b="nr3qoHNI"; dkim-atps=neutral
Received: from mail-ua0-x23f.google.com (mail-ua0-x23f.google.com
	[IPv6:2607:f8b0:400c:c08::23f])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3yMVzt3CFNz9t2h
	for <incoming@patchwork.ozlabs.org>;
	Thu, 26 Oct 2017 00:17:30 +1100 (AEDT)
Received: by mail-ua0-x23f.google.com with SMTP id u13sf15611975uaf.9
	for <incoming@patchwork.ozlabs.org>;
	Wed, 25 Oct 2017 06:17:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1508937448; cv=pass;
	d=google.com; s=arc-20160816;
	b=kC6/CA+YL1IVTsJqUkZvxVr5C/N4VUzvigaQGQLRgbUpqtOReHCrZYC3XGfd6fN+KO
	V+hvZyzvnCfW7cU6poqBO1xNhYJS19nA1G8p93tgTH9yuyyNmRtPxpyUalb4vgTBlnMZ
	NkvnczgL2YSKo7Lx8PAsncz2NDq2ezdYoHI/+HCpXYjLQ24DfG2jQeI/czrUn1JDvftj
	ehdRyYQTzK46OW/1bxW2kT4My2FdfyhQ8kAYjQTgL02F52ww/YK98Cyq6gydDdkS2fit
	gtEnwkf5klGPlQmR8jwpKGAm3RCp5pZqMRK6No9lM+YEulP6ib7OmFOmiZ/62ajCzbz/
	Hgsg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
	:list-id:mailing-list:precedence:message-id:date:subject:cc:to:from
	:arc-authentication-results:arc-message-signature:mime-version
	:sender:dkim-signature:arc-authentication-results;
	bh=LEGg52NBBajzYlF/Z/ZiHg/+pofbXG3+I0yaNhgUrXo=;
	b=Xxl5GMwOe16c3kWN24AZL/l8z1aXQ/qr6/92J6Y9GfFJ90AeN8wDrz7Lo48obu5V56
	/uLmaEVRnqBirNxS7dB4h143kMe4tFi0a+Fn1rZ98UkiTDUu/z9TMIbuUB8gcem13T/g
	DJl6cdnOMAciZg9ngwU43xfe4Qk8b8CqCJZstcs48HzvX4IE1+/D6frfkGW1wEmN9KY0
	7msZOD3sqWnRmuYfUuee9Bn8VgZFaDUYYAhZ3vJkJkNmFht+FuvG4qB0ePFf0/3z50fk
	kKwY77JCt/NCLK9vAFENiv3hGhltnFbQnmXe2Vf1v/1CN1OID1CWi933BoyUlvDIVfyW
	i9pQ==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
	dkim=pass header.i=@iotecha-com.20150623.gappssmtp.com
	header.s=20150623 header.b=I7E8t+o5;
	spf=pass (google.com: domain of msalau@iotecha.com designates
	2607:f8b0:400d:c0d::22e as permitted sender)
	smtp.mailfrom=msalau@iotecha.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlegroups.com; s=20161025;
	h=sender:mime-version:from:to:cc:subject:date:message-id
	:x-original-sender:x-original-authentication-results:precedence
	:mailing-list:list-id:list-post:list-help:list-archive
	:list-subscribe:list-unsubscribe;
	bh=LEGg52NBBajzYlF/Z/ZiHg/+pofbXG3+I0yaNhgUrXo=;
	b=nr3qoHNI5wlxHFZAJTEUUu1U0yYMmnG8lPoJ0VeRdwFRjYoCx/SvE4I0CcrgHFI2XJ
	wAw4KB6DFv3Tg9tloKVQi0sWsmoCaV7J/qSxGMnRm975PILbFBIvrW5tfPn1ZRpUEiV7
	ob2hACNtYzqg6ksqLxYG1rM3O6+YxLVCWc2qpVN7shaZvFmTjp/as7RBBrffNPbbksWV
	fd6N43mBEUyOdGB8VEIGj2GJ5hqisykUF8I6qbXlUq4kODsDjo2dRS91kLMzbAQ6UKvE
	Ufgv83Gr9yWRGGdP1ZPUlS3znVlMMF5Heb75KGIAAXWZBNtQOGxbnECjMyLzZXKifX4a
	WIwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date
	:message-id:x-original-sender:x-original-authentication-results
	:precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
	:list-help:list-archive:list-subscribe:list-unsubscribe;
	bh=LEGg52NBBajzYlF/Z/ZiHg/+pofbXG3+I0yaNhgUrXo=;
	b=r0PlTYPg0XFbrIg3amaV3yRpykaT5TRYV36sR8iAuV/izo+36w80kJg0hnkZCbsl4a
	IUeS/S/uG60LsdZ/Rh7geDdqIFk7B9t0q+MizC2wjug5epS3wzHA4DjSAwk40pxIMM/u
	AduMlZuYQZ3xCJlsTTcHMnZKbmPE6AIkhNCfdhywSIS2FhgLOS1rnJxvO1r6RTDBsRHN
	WRHTVzm24Tma4v8miurhqII7ZLA3+x/4+IGFR+rl0tchTKeji5kESHTCihqljaGK48vg
	pLwEQ9vPHClAoKIAuuIGXnLMfCfrDzJxR91pcs0mUeDyzuizO4Q+ojCD68w07TQmQar5
	V6SQ==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AMCzsaVE0COcMSu497pIicQZH79dsoSxZedZoSOgmQEdQP2U53gN0c+U
	A10sAR1ip9KDLif0EWRERrU=
X-Google-Smtp-Source: 
 ABhQp+QR1UUW8Xi/GIJeXMa3D0OZF8axJ4LoSyJ54QSX8AlUA+emgX/RcwfH7PaaHC/2IqwbMw6xOQ==
X-Received: by 10.31.32.204 with SMTP id g195mr177824vkg.10.1508937448125;
	Wed, 25 Oct 2017 06:17:28 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: swupdate@googlegroups.com
Received: by 10.237.33.172 with SMTP id l41ls1657778qtc.8.gmail; Wed, 25 Oct
	2017 06:17:27 -0700 (PDT)
X-Received: by 10.55.162.204 with SMTP id l195mr1495354qke.8.1508937447880;
	Wed, 25 Oct 2017 06:17:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508937447; cv=none;
	d=google.com; s=arc-20160816;
	b=Y36fCGSN2vrum7MsEvJw9bE9MANxAYSkuztdb7OMwhQ1nn+xu8I//tNR/51PzXcqws
	UZWOFWXyMsi75LqufCAmc+4MmsukmIKSAUgTM88nXm8c1F3mHQ/lf/ZzMxVF6QZ39BKU
	C2Hff1rQVJxN2uhNJ0Z3NFDx4w2sHzNmp6nLoKMUsL3C7m2zNM3pjvbT0LcDlvz9ARwb
	O6pfGcvsuL0uCUTlblve+LsDDDF8oEPkuLPYRt6YNlsLVHFDA3aa91Ah3NR9UivK6lEB
	XfshWf9LhAB5I3tGk+O/9/oxw10QseAn3taC3Gpp6GyrtBxBG+vhK2X0SRKmZ60KujoT
	U0RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=message-id:date:subject:cc:to:from:dkim-signature
	:arc-authentication-results;
	bh=Cq9B4j5lMMeDOviwAkZi1ptkS/Jst7efFm8+oDzgG6U=;
	b=mdBjxsCDt7eQGHg9zhLW0KCEtvDUVDMRhIHAxmr9v9PGa3vluhu+gy4jphWgXwauIE
	nRtmdHoXthWUzxYD5CkcCsjlrg9BFSNTgCnBrFhw8V/72pNDR8Dc5HlOEXxUAmf2OjcF
	EzoACBjB1tnw6tnyvk73BFBXgNdUb9Hw3EhVN9BvZ+/7aS178lS+/YSTR/jIhK0pIUus
	NUjUN6RzDvik4nzmsoGJKorlaPYqjvkFgXfxh5Yiy6NyV7U8ZWNGS2tF59O0huQCcNQn
	WOgi9jfcsMI2qXVeDWTLnSD2Tyy3IViHHfU63K81S8GBRZiY6683yR+U2R/Y+rmKReFb
	wQcA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
	dkim=pass header.i=@iotecha-com.20150623.gappssmtp.com
	header.s=20150623 header.b=I7E8t+o5;
	spf=pass (google.com: domain of msalau@iotecha.com designates
	2607:f8b0:400d:c0d::22e as permitted sender)
	smtp.mailfrom=msalau@iotecha.com
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com.
	[2607:f8b0:400d:c0d::22e]) by gmr-mx.google.com with ESMTPS id
	f30si175063qtg.5.2017.10.25.06.17.27
	for <swupdate@googlegroups.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 25 Oct 2017 06:17:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of msalau@iotecha.com designates
	2607:f8b0:400d:c0d::22e as permitted sender)
	client-ip=2607:f8b0:400d:c0d::22e;
Received: by mail-qt0-x22e.google.com with SMTP id j58so34697375qtj.0
	for <swupdate@googlegroups.com>; Wed, 25 Oct 2017 06:17:27 -0700 (PDT)
X-Received: by 10.200.45.61 with SMTP id n58mr28632872qta.69.1508937447438;
	Wed, 25 Oct 2017 06:17:27 -0700 (PDT)
Received: from msalau.int.iotecha.com ([134.17.27.127])
	by smtp.gmail.com with ESMTPSA id
	n76sm1700461qkn.85.2017.10.25.06.17.26
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 25 Oct 2017 06:17:27 -0700 (PDT)
From: Maksim Salau <msalau@iotecha.com>
To: swupdate@googlegroups.com
Cc: Maksim Salau <msalau@iotecha.com>
Subject: [swupdate] [PATCH] Fix SHA256 hash verification
Date: Wed, 25 Oct 2017 16:17:14 +0300
Message-Id: <1508937434-3737-1-git-send-email-msalau@iotecha.com>
X-Mailer: git-send-email 2.7.4
X-Original-Sender: msalau@iotecha.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
	header.i=@iotecha-com.20150623.gappssmtp.com header.s=20150623
	header.b=I7E8t+o5; spf=pass (google.com: domain of msalau@iotecha.com
	designates 2607:f8b0:400d:c0d::22e as permitted sender)
	smtp.mailfrom=msalau@iotecha.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
	contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
	<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
	<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
	<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
	<https://groups.google.com/group/swupdate/subscribe>

If a CPIO archive is not valid or copying fails due to any reason,
an error message is printed, but update process continues.
The change makes the utility fail in case of read errors or
hash verification errors.

Signed-off-by: Maksim Salau <msalau@iotecha.com>
Acked-by: Stefano Babic <sbabic@denx.de>
---
 core/cpio_utils.c   | 28 +++++++++++++++++++++-------
 corelib/installer.c | 11 +++++++++--
 2 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index e962fae..de674ec 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -414,24 +414,34 @@ int extract_img_from_cpio(int fd, unsigned long offset, struct filehdr *fdh)
 off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
 		int encrypted, unsigned char *hash)
 {
+	int ret;
 	struct filehdr fdh;
 	uint32_t checksum = 0;
 	unsigned long offset = start;
 
-	if (lseek(fd, offset, SEEK_SET) < 0) {
+	ret = lseek(fd, offset, SEEK_SET);
+	if (ret < 0) {
 		ERROR("CPIO file corrupted : %s\n",
 		strerror(errno));
-		return -1;
+		return ret;
 	}
 
-	if (extract_cpio_header(fd, &fdh, &offset)) {
+	ret = extract_cpio_header(fd, &fdh, &offset);
+	if (ret) {
 		ERROR("CPIO Header wrong\n");
+		return ret;
 	}
 
-	if (lseek(fd, offset, SEEK_SET) < 0)
+	ret = lseek(fd, offset, SEEK_SET);
+	if (ret < 0) {
 		ERROR("CPIO file corrupted : %s\n", strerror(errno));
-	if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, compressed, &checksum, hash, encrypted, NULL) < 0) {
+		return ret;
+	}
+
+	ret = copyfile(fd, &fdout, fdh.size, &offset, 0, 0, compressed, &checksum, hash, encrypted, NULL);
+	if (ret < 0) {
 		ERROR("Error copying extracted file\n");
+		return ret;
 	}
 
 	TRACE("Copied file:\n\tfilename %s\n\tsize %u\n\tchecksum 0x%lx %s\n",
@@ -440,9 +450,11 @@ off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
 		(unsigned long)checksum,
 		(checksum == fdh.chksum) ? "VERIFIED" : "WRONG");
 
-	if (checksum != fdh.chksum)
+	if (checksum != fdh.chksum) {
 		ERROR("Checksum WRONG ! Computed 0x%lx, it should be 0x%lx\n",
 			(unsigned long)checksum, fdh.chksum);
+		return -EINVAL;
+	}
 
 	return offset;
 }
@@ -492,8 +504,10 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start)
 
 		/* Next header must be 4-bytes aligned */
 		offset += NPAD_BYTES(offset);
-		if (lseek(fd, offset, SEEK_SET) < 0)
+		if (lseek(fd, offset, SEEK_SET) < 0) {
 			ERROR("CPIO file corrupted : %s\n", strerror(errno));
+			return -1;
+		}
 	}
 
 	return 0;
diff --git a/corelib/installer.c b/corelib/installer.c
index f246953..a7fc626 100644
--- a/corelib/installer.c
+++ b/corelib/installer.c
@@ -154,6 +154,7 @@ static int extract_script(int fd, struct imglist *head, const char *dest)
 {
 	struct img_type *script;
 	int fdout;
+	int ret = 0;
 
 	LIST_FOREACH(script, head, next) {
 		if (script->provided == 0) {
@@ -166,9 +167,15 @@ static int extract_script(int fd, struct imglist *head, const char *dest)
 				dest, script->fname);
 
 		fdout = openfileoutput(script->extract_file);
-		extract_next_file(fd, fdout, script->offset, 0,
-					script->is_encrypted, script->sha256);
+		if (fdout < 0)
+			return fdout;
+
+		ret = extract_next_file(fd, fdout, script->offset, 0,
+								script->is_encrypted, script->sha256);
 		close(fdout);
+
+		if (ret < 0)
+			return ret;
 	}
 	return 0;
 }