diff options
author | Seung-Woo Kim <sw0312.kim@samsung.com> | 2018-05-17 15:06:46 +0900 |
---|---|---|
committer | Seung-Woo Kim <sw0312.kim@samsung.com> | 2018-06-21 17:23:09 +0900 |
commit | 661440bd6b2c28a816affc7df79f74f8e1dc94d6 (patch) | |
tree | 479af6fa0859a1fad99597576fd252f1f127e1f1 | |
parent | c3be48d9851b02e9e3eb760e9360d940748806f9 (diff) | |
download | lthor-661440bd6b2c28a816affc7df79f74f8e1dc94d6.tar.gz lthor-661440bd6b2c28a816affc7df79f74f8e1dc94d6.tar.bz2 lthor-661440bd6b2c28a816affc7df79f74f8e1dc94d6.zip |
Fix overflow of filename
In thor protocol, only filename with 32 characters is allowed to
send but there was overflow of filename more than 32 and it is
crashed with 193 or longer length filename. Fix the overflow of
filename.
Note: ARTIK530 and ARTIK710 already misuse overflowed 33 length dtb
filename, and exact modification as thor protocol breaks flashing
on the boards. So fix with extention for the ARTIK borads by
appending more 32 bytes in rqt_pkt.str_data[1] as artik u-boot
expects.
Change-Id: I4081024cafa276617497091e00cbb6fbc21348b7
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
-rw-r--r-- | libthor/thor.c | 24 | ||||
-rw-r--r-- | libthor/thor_usb.c | 2 |
2 files changed, 24 insertions, 2 deletions
diff --git a/libthor/thor.c b/libthor/thor.c index 5a51727..0a98c6d 100644 --- a/libthor/thor.c +++ b/libthor/thor.c @@ -446,6 +446,8 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data, { off_t filesize; const char *filename; + const char *str_data[2] = { NULL, NULL }; + int scnt; struct res_pkt resp; int32_t int_data[2]; off_t trans_unit_size; @@ -464,12 +466,32 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data, int_data[0] = type; int_data[1] = filesize; + if (strlen(filename) <= 32) { + /* + * THOR protocol only allows file name at most 32 with + * [RQT_DL, RQT_DL_FILE_INFO] request in + * rqt_pkt.str_data[0]. + */ + scnt = 1; + str_data[0] = filename; + } else { + /* + * Exceptionally, ARTIK boards require 33 lenght dtb + * file name from artik u-boot by misusing wrong lthor + * rqt_pkt.str_data usage, so append additional string + * to rqt_pkt.str_data[1]. + */ + scnt = 2; + str_data[0] = filename; + str_data[1] = filename + 32; + } + if (!th) continue; ret = t_thor_exec_cmd_full(th, RQT_DL, RQT_DL_FILE_INFO, int_data, ARRAY_SIZE(int_data), - (char **)&filename, 1, &resp); + (char **)str_data, scnt, &resp); if (ret < 0) return ret; diff --git a/libthor/thor_usb.c b/libthor/thor_usb.c index fbb35aa..b43870b 100644 --- a/libthor/thor_usb.c +++ b/libthor/thor_usb.c @@ -555,7 +555,7 @@ int t_usb_send_req(struct thor_device_handle *th, request_type req_id, if (sdata) { for (i = 0; i < scnt; i++) - strcpy(req.str_data[i],sdata[i]); + strncpy(req.str_data[i], sdata[i], 32); } ret = t_usb_send(th, (unsigned char *)&req, RQT_PKT_SIZE, DEFAULT_TIMEOUT); |