authorSeung-Woo Kim <sw0312.kim@samsung.com>2018-05-17 15:06:46 +0900
committerSeung-Woo Kim <sw0312.kim@samsung.com>2018-06-21 17:23:09 +0900
commit661440bd6b2c28a816affc7df79f74f8e1dc94d6 (patch)
tree479af6fa0859a1fad99597576fd252f1f127e1f1
parentc3be48d9851b02e9e3eb760e9360d940748806f9 (diff)
Fix overflow of filename
In the thor protocol, only a filename of at most 32 characters is allowed to be sent, but filenames longer than 32 characters overflowed, and a filename of length 193 or longer caused a crash. Fix the overflow of filename. Note: ARTIK530 and ARTIK710 already misuse an overflowed 33-length dtb filename, and an exact modification per the thor protocol breaks flashing on those boards. So fix with an extension for the ARTIK boards by appending 32 more bytes in rqt_pkt.str_data[1] as artik u-boot expects. Change-Id: I4081024cafa276617497091e00cbb6fbc21348b7 Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
-rw-r--r--libthor/thor.c24
-rw-r--r--libthor/thor_usb.c2
2 files changed, 24 insertions, 2 deletions
diff --git a/libthor/thor.c b/libthor/thor.c
index 5a51727..0a98c6d 100644
--- a/libthor/thor.c
+++ b/libthor/thor.c
@@ -446,6 +446,8 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data,
{
off_t filesize;
const char *filename;
+ const char *str_data[2] = { NULL, NULL };
+ int scnt;
struct res_pkt resp;
int32_t int_data[2];
off_t trans_unit_size;
@@ -464,12 +466,32 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data,
int_data[0] = type;
int_data[1] = filesize;
+ if (strlen(filename) <= 32) {
+ /*
+ * THOR protocol only allows file name at most 32 with
+ * [RQT_DL, RQT_DL_FILE_INFO] request in
+ * rqt_pkt.str_data[0].
+ */
+ scnt = 1;
+ str_data[0] = filename;
+ } else {
+ /*
+ * Exceptionally, ARTIK boards require 33 lenght dtb
+ * file name from artik u-boot by misusing wrong lthor
+ * rqt_pkt.str_data usage, so append additional string
+ * to rqt_pkt.str_data[1].
+ */
+ scnt = 2;
+ str_data[0] = filename;
+ str_data[1] = filename + 32;
+ }
+
if (!th)
continue;
ret = t_thor_exec_cmd_full(th, RQT_DL, RQT_DL_FILE_INFO,
int_data, ARRAY_SIZE(int_data),
- (char **)&filename, 1, &resp);
+ (char **)str_data, scnt, &resp);
if (ret < 0)
return ret;
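Review bot: A filename longer than 64 characters is silently truncated by the `else` branch. `str_data[1] = filename + 32` is later copied with a 32-byte bound in t_usb_send_req, so the device receives a different name than the caller supplied and no error is reported. The branch also applies to every long name, not only the 33-character ARTIK dtb case the comment describes. I would bound it with `} else if (strlen(filename) <= 2 * 32) {` and add a final `else` that returns the function's usual negative error before any request is sent. The repeated literal 32 would be clearer as a named constant shared with thor_usb.c. The enclosing loop and the rest of thor_send_data lie outside this hunk, so it is not visible here whether `filename` can be NULL when `strlen` is called.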
diff --git a/libthor/thor_usb.c b/libthor/thor_usb.c
index fbb35aa..b43870b 100644
--- a/libthor/thor_usb.c
+++ b/libthor/thor_usb.c
@@ -555,7 +555,7 @@ int t_usb_send_req(struct thor_device_handle *th, request_type req_id,
if (sdata) {
for (i = 0; i < scnt; i++)
- strcpy(req.str_data[i],sdata[i]);
+ strncpy(req.str_data[i], sdata[i], 32);
}
ret = t_usb_send(th, (unsigned char *)&req, RQT_PKT_SIZE, DEFAULT_TIMEOUT);
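Review bot: `strncpy(req.str_data[i], sdata[i], 32)` writes no terminating NUL when the source has 32 or more characters, and the literal 32 is not tied to the declared size of the field. Writing the bound as `sizeof(req.str_data[i])` would keep it correct if the packet layout changes. If the ARTIK extension depends on str_data[0] running unterminated into str_data[1], a comment such as `/* str_data fields are fixed-width, not NUL-terminated when full */` should say so. The loop still trusts `scnt`, so a caller passing more strings than `req.str_data` has slots would write past the packet; a check of `scnt` against the slot count before the loop would close that. Whether `req` is zero-initialised and the rest of t_usb_send_req are outside this hunk.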