From patchwork Fri Apr 10 18:11:41 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Jonas <toertel@gmail.com>
X-Patchwork-Id: 1269154
Return-Path: <swupdate+bncBCEMDFWL6ALRBYPNYL2AKGQET63WDPY@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=googlegroups.com
	(client-ip=2a00:1450:4864:20::437;
	helo=mail-wr1-x437.google.com;
	envelope-from=swupdate+bncbcemdfwl6alrbypnyl2akgqet63wdpy@googlegroups.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=googlegroups.com header.i=@googlegroups.com
	header.a=rsa-sha256 header.s=20161025 header.b=BZRdiqPB;
	dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.a=rsa-sha256 header.s=20161025 header.b=KPeAOJjv;
	dkim-atps=neutral
Received: from mail-wr1-x437.google.com (mail-wr1-x437.google.com
	[IPv6:2a00:1450:4864:20::437])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	key-exchange X25519 server-signature RSA-PSS (4096 bits)
	server-digest SHA256) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 48zR110Fvxz9sQx
	for <incoming@patchwork.ozlabs.org>;
	Sat, 11 Apr 2020 04:11:48 +1000 (AEST)
Received: by mail-wr1-x437.google.com with SMTP id r11sf636951wrx.21
	for <incoming@patchwork.ozlabs.org>;
	Fri, 10 Apr 2020 11:11:48 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1586542306; cv=pass;
	d=google.com; s=arc-20160816;
	b=Bhlm0Rkc2JRFFT5TvZYidCq4F0iVHeDXsz3ZRGtZpdkVAH+2zWz7GyAXRlGiwSy1tN
	bg/bLQmoVKHi+Fvn2Uc9ysYT3M2yGQV08ZT6LSV2jHfU6oHx4hdBmvn9GNyWdZigDoJu
	6QLvH01nVWJ5VW9WhUQFEI8ocw9VL6NppeLp3+eTnVsewUy8ReT+APN2OU88am1nYFlk
	Mt3Hpkyeysbf+aNUalKcqDKeR1LPrHG35/M6CBryT+5d/bE4tP4lE28EhodUsB5tLub8
	tIilwuCQ1zLzQwLqHbjTarxYeQbdyI9GmKXGeMuild+0esLi4jbJoexHGPHBfzC6pP5o
	j9EQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
	:list-id:mailing-list:precedence:message-id:date:subject:cc:to:from
	:mime-version:sender:dkim-signature:dkim-signature;
	bh=71/SLLwUkPUZlkciDaakMqAnnjfZY27Eb0GTGBP8WIQ=;
	b=bpLneXiq0cqrhTHElbNwTgxkGrD0+U6khVkkEIGYCckQNhM2Zhv5RCKgKRWrexWn3G
	rJTVTvjEXydrvRdLAktPgY4/Qj4hSzwWLKQr27VVD8kNxr59euHIcNL2OYVX8ECpROfG
	mZiC/tD67GVht4cSP+tR9AGvQGPctq7wXLXTnjDqXyncXktoKC4r70NyI4tPrL00bhpV
	H2MDBGg9gM0YJ1JzW4FQsAbYSeFLDWhu/rXoUimn4IXiwxS5V1eWFWNni1qaRLbgG5tV
	vE4UNKkVTt4OGEoTr2L0xFhTArOlRz3o1Hy2dU0fpcTt/qnD4mdk8YFvl1LkOb6plQ33
	lSxw==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
	dkim=pass header.i=@gmail.com header.s=20161025 header.b=ooVFitg0;
	spf=pass (google.com: domain of toertel@gmail.com designates
	2a00:1450:4864:20::342 as permitted sender)
	smtp.mailfrom=toertel@gmail.com;
	dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlegroups.com; s=20161025;
	h=sender:mime-version:from:to:cc:subject:date:message-id
	:x-original-sender:x-original-authentication-results:precedence
	:mailing-list:list-id:list-post:list-help:list-archive
	:list-subscribe:list-unsubscribe;
	bh=71/SLLwUkPUZlkciDaakMqAnnjfZY27Eb0GTGBP8WIQ=;
	b=BZRdiqPBfcKozXIBWdRqipwPzHaFgaju4OEk+hHO3fteB0JLs7jmFLyKu4ZlfJiL5Z
	zT7/px7uuyCxwjbHRNKTa2I0Doyn5D4pdkwgp0hDylxwY9USMz4EGTZlabsbIdeIqIpF
	Xj9to42K+wpgPDt/WlhBP+3ySLYeeb1oW3ZPqF7C/k3uBuEbYLr7ps5D3uxnAfjU1Ms3
	dogTF7wQ639YuCf7bYvWxZbm32YYLb/5P/EvPxMoXgYqZrw4lG2nJeWzpufaY2Ubca8D
	E6VSdBYPPGvrMfJkGDO6peC43GNaM7ppFOrlMvRsOuAYDEAVYtR9S3elu/50yQnC+f3K
	zzvw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=mime-version:from:to:cc:subject:date:message-id:x-original-sender
	:x-original-authentication-results:precedence:mailing-list:list-id
	:list-post:list-help:list-archive:list-subscribe:list-unsubscribe;
	bh=71/SLLwUkPUZlkciDaakMqAnnjfZY27Eb0GTGBP8WIQ=;
	b=KPeAOJjvKdSq7H9/5YLKnunlYaxzNI8rxxxdMtu/z8gq2EEPlJfL7joaQi/QyE6me5
	KJn6y3zkz+GCAsajWeOHrFGyGxlsPS7H7Ls1q0bn30lQivKMC3L6d/L+9Ivnfc3TEwQc
	LN5dD9BCfHFMIMn06QIuTwntVRRAuVwt8eQnH5jaIVVXVnDfednMWJsmKddgpH09wMn0
	IwbzZxTIxDOWpbUvBgJkC/aNmBMRkoTPcuwQX4LFfUGGWXz/YrkHKeme9sdNqKaUJukL
	BYzM1WeyQxfR7czUsV1t2LdU0K7AHX/UiFg2deWFN2W3y4L0vMfmAyqLOuy0VpKqmEkE
	s1iw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=sender:x-gm-message-state:mime-version:from:to:cc:subject:date
	:message-id:x-original-sender:x-original-authentication-results
	:precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
	:list-help:list-archive:list-subscribe:list-unsubscribe;
	bh=71/SLLwUkPUZlkciDaakMqAnnjfZY27Eb0GTGBP8WIQ=;
	b=Btp7OrFC8T5BqN6hLB3OKbr29HDVfdeCxlCpB7nwEAC6AyZAaRE+C+IoHuMLoQMfE1
	vRdSpn97mOORlKV5lByxI73hU85qbh6C4Z83pAtL/ooqZoRqJQIo4IGIHlm1U6ElqikX
	sBLWE0X70blRpz+hWTVNjIwY4Si6ZFbAqJrEVzo4LxTJOxXm0vn9CZ+qAJrcPwftlIsh
	AQzkT1xkiw7gs8I71u7fJhb3Z9eb6k6SXBo0eYX2s7aVljNkFLQBi9AL+2MHc1WFXkcd
	cR5SxoYFcK1n8dJ2Go6nPXqLP2hxtWA5/AYGPVXWway2Ioy6n2YI+9dtY9qB7ZoFZUVP
	87Zw==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: AGi0PuaOU5D7XWMS8N5o3QLbp3yFr2wNYpuwMcTMAyo35uyyZ9lcH0ix
	P++Erw/KTLqC9JxrX3a3kVc=
X-Google-Smtp-Source: 
 APiQypI3mWkx0uoyotd8scBmdghx+uni85sqb5e8FAhp5hi97SRmunxSkRklZWLazPt/7wrX/6NK4A==
X-Received: by 2002:adf:9168:: with SMTP id
	j95mr5501428wrj.145.1586542306005;
	Fri, 10 Apr 2020 11:11:46 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:adf:f5cc:: with SMTP id k12ls11606263wrp.6.gmail; Fri, 10
	Apr 2020 11:11:45 -0700 (PDT)
X-Received: by 2002:adf:cd8c:: with SMTP id
	q12mr5985463wrj.419.1586542305324;
	Fri, 10 Apr 2020 11:11:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1586542305; cv=none;
	d=google.com; s=arc-20160816;
	b=IaLg6h3VORBEik/nDLbItyGZ3wa43rBmXsi/7fMQ/K8I3i5nN/8eQ7y8YR7j+X/urv
	qMlYQeyU0gUPtZLjxyZ0bcL/g9sbYBNnLoqMe+UxLx1UTnykB59pOzEWnLK/l5GtAAZv
	MpwY0PwP0HiKdzRxJP5cpx/xdVKZm9GUKx8FIhiwKLotOyyrY0qHucatMHdgFaBsNlUC
	QkChbueSkefWXNPfN7zgFAhZH4u+DBryUaxyk9Qz10zspG1sQ9nA0DjrJzgmvMNVxCDE
	c3BhYbWXR9XDHP8UnGLWzaaYlQwQpVFwLe5/8TECA4BG26bC/nFiodYBp5UcBCo7dICz
	J/hg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=message-id:date:subject:cc:to:from:dkim-signature;
	bh=9DDMvIwxUhjL21ByIpXt40kZhEEjJ7FSw62/NygppnA=;
	b=sn5kqGyFfphnJ+BrWrwckYvavmcwxSsBFHYnV+odmsj5qKoXb58mFL3i7cSFMSNtgd
	3Q51Ks1xh1B7ahz7vGKqLkehAXa2LiFILn8P+ycJFML86jlgf+wynRiB/tmXJR35wZT+
	yGrUAbJAZ3Zu8ngXq4GNvBMCaSLUU77lnutknbNk35iojeqFD2Oq8JQL5Nt/5dJJOF/+
	pIg9qBULJZ22INNyNV8AU1sONeKfXijM0ThGqEaCfNoB12a2wMmiJhhceX5gP64nyJFm
	ku5q3bw6N5ZddYrE1eM48wQboAz/4N+r/fugZ7SWpaJJc8kGjVlNWFAPrvUSF0yiAelW
	S5cA==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
	dkim=pass header.i=@gmail.com header.s=20161025 header.b=ooVFitg0;
	spf=pass (google.com: domain of toertel@gmail.com designates
	2a00:1450:4864:20::342 as permitted sender)
	smtp.mailfrom=toertel@gmail.com;
	dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com.
	[2a00:1450:4864:20::342]) by gmr-mx.google.com with ESMTPS id
	u15si115736wru.2.2020.04.10.11.11.45
	for <swupdate@googlegroups.com>
	(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
	Fri, 10 Apr 2020 11:11:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of toertel@gmail.com designates
	2a00:1450:4864:20::342 as permitted sender)
	client-ip=2a00:1450:4864:20::342;
Received: by mail-wm1-x342.google.com with SMTP id v8so5282653wma.0
	for <swupdate@googlegroups.com>; Fri, 10 Apr 2020 11:11:45 -0700 (PDT)
X-Received: by 2002:a1c:7415:: with SMTP id p21mr6109638wmc.93.1586542304665;
	Fri, 10 Apr 2020 11:11:44 -0700 (PDT)
Received: from gigabyte.fritz.box
	(p200300CFAF413B00D06CABACF1F630B9.dip0.t-ipconnect.de.
	[2003:cf:af41:3b00:d06c:abac:f1f6:30b9])
	by smtp.gmail.com with ESMTPSA id
	i8sm4116133wrb.41.2020.04.10.11.11.43
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Fri, 10 Apr 2020 11:11:44 -0700 (PDT)
From: Mark Jonas <toertel@gmail.com>
To: swupdate@googlegroups.com
Cc: Mark Jonas <toertel@gmail.com>
Subject: [swupdate] [PATCH] core: Fix CID 292180 save_stream() check read
	error
Date: Fri, 10 Apr 2020 20:11:41 +0200
Message-Id: <20200410181141.32567-1-toertel@gmail.com>
X-Mailer: git-send-email 2.17.1
X-Original-Sender: toertel@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
	header.i=@gmail.com header.s=20161025 header.b=ooVFitg0; spf=pass
	(google.com: domain of toertel@gmail.com designates
	2a00:1450:4864:20::342 as
	permitted sender) smtp.mailfrom=toertel@gmail.com; dmarc=pass (p=NONE
	sp=QUARANTINE dis=NONE) header.from=gmail.com
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
	contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
	<mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
	<mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
	<mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
	<https://groups.google.com/group/swupdate/subscribe>

Reading from file can fail. Detect this and abort instead of continuing
with invalid data.

Signed-off-by: Mark Jonas <toertel@gmail.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
---
 core/stream_interface.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/stream_interface.c b/core/stream_interface.c
index 0866ecd..8e623d8 100644
--- a/core/stream_interface.c
+++ b/core/stream_interface.c
@@ -368,7 +368,7 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
 	}
 
 	/*
-	 * Cache the beginnining of the SWU to parse
+	 * Cache the beginning of the SWU to parse
 	 * sw-description and check if the output must be
 	 * redirected. This allows to define the output file on demand
 	 * setting it into sw-description.
@@ -380,6 +380,11 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
 		goto no_copy_output;
 	}
 	len = read(fdin, buf, bufsize);
+	if (len < 0) {
+		ERROR("Reading from file failed, error %d", errno);
+		ret = -EFAULT;
+		goto no_copy_output;
+	}
 	if (get_cpiohdr(buf, &fdh.size, &fdh.namesize, &fdh.chksum) < 0) {
 		ERROR("CPIO Header corrupted, cannot be parsed");
 		ret = -EINVAL;