authorjuhosg <juhosg@3c298f89-4303-0410-b956-a3cf2f4a3e73>2011-12-05 14:52:33 +0000
committerjuhosg <juhosg@3c298f89-4303-0410-b956-a3cf2f4a3e73>2011-12-05 14:52:33 +0000
commit35606f14a388aeb418787c3fb6d4e8b0f75afae2 (patch)
tree1200df199c248d42bf4160be52e118812a9d7658 /target
parentc07b7093434b8bcdb038f7c6056cb34f772990d7 (diff)
ar71xx: check squashfs signature in TP-Link mtd parser
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29446 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target')
-rw-r--r--target/linux/ar71xx/files/drivers/mtd/tplinkpart.c32
1 files changed, 31 insertions, 1 deletions
diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
index 7b2ac7e40d..2cbad5ada1 100644
--- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
+++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
@@ -10,6 +10,7 @@
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
+#include <linux/magic.h>
#include <linux/mtd/mtd.h>
#include <linux/mtd/partitions.h>
@@ -83,6 +84,26 @@ err:
return NULL;
}
+static int tplink_check_squashfs_magic(struct mtd_info *mtd, size_t offset)
+{
+ u32 magic;
+ size_t retlen;
+ int ret;
+
+ ret = mtd->read(mtd, offset, sizeof(magic), &retlen,
+ (unsigned char *) &magic);
+ if (ret)
+ return ret;
+
+ if (retlen != sizeof(magic))
+ return -EIO;
+
+ if (le32_to_cpu(magic) != SQUASHFS_MAGIC)
+ return -EINVAL;
+
+ return 0;
+}
+
static int tplink_parse_partitions(struct mtd_info *master,
struct mtd_partition **pparts,
unsigned long origin)
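Review bot: In `tplink_check_squashfs_magic`, `magic` receives raw flash bytes and is then passed to `le32_to_cpu()`, so it would be better declared as `__le32 magic;` than `u32 magic;`, which lets sparse check the conversion. The helper also has no comment stating its contract; I would add above it `/* Return 0 if SQUASHFS_MAGIC (little-endian) is at @offset, -EINVAL if not, -EIO on a short read, else the mtd read error. */`. That comment should also say that a four-byte magic match only locates the filesystem and is not an integrity check of the image.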
@@ -93,6 +114,7 @@ static int tplink_parse_partitions(struct mtd_info *master,
size_t offset;
size_t art_offset;
size_t rootfs_offset;
+ size_t squashfs_offset;
int ret;
nr_parts = TPLINK_NUM_PARTS;
@@ -111,7 +133,15 @@ static int tplink_parse_partitions(struct mtd_info *master,
goto err_free_parts;
}
- rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs);
+ squashfs_offset = offset + sizeof(struct tplink_fw_header) +
+ be32_to_cpu(header->kernel_len);
+
+ ret = tplink_check_squashfs_magic(master, squashfs_offset);
+ if (ret == 0)
+ rootfs_offset = squashfs_offset;
+ else
+ rootfs_offset = offset + be32_to_cpu(header->rootfs_ofs);
+
art_offset = master->size - TPLINK_ART_LEN;
parts[0].name = "u-boot";
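Review bot: `squashfs_offset` is computed from `header->kernel_len`, a field read from the on-flash firmware header, and nothing visible in this hunk bounds it before it can become `rootfs_offset`. With a 32-bit `size_t` the sum can wrap, and a wrapped or oversized value that happens to land on squashfs magic would be accepted as the rootfs start; whether `kernel_len` is validated when the header is read cannot be seen from here, since `tplink_parse_partitions` starts and ends outside the hunk. I would check the length against the space left before the ART region ahead of the probe, with `art_offset` computed first, using something like `if (be32_to_cpu(header->kernel_len) > art_offset - offset - sizeof(struct tplink_fw_header)) ret = -EINVAL;` and calling the helper only otherwise. Separately, the `else` branch treats a flash read error the same as a magic mismatch and silently falls back to `header->rootfs_ofs`; logging when `ret` is not `-EINVAL` would make that case visible.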