From 661440bd6b2c28a816affc7df79f74f8e1dc94d6 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim
Date: Thu, 17 May 2018 15:06:46 +0900
Subject: Fix overflow of filename
In thor protocol, only filename with 32 characters is allowed to send but there was overflow of filename more than 32 and it is crashed with 193 or longer length filename. Fix the overflow of filename. Note: ARTIK530 and ARTIK710 already misuse overflowed 33 length dtb filename, and exact modification as thor protocol breaks flashing on the boards. So fix with extention for the ARTIK borads by appending more 32 bytes in rqt_pkt.str_data[1] as artik u-boot expects.
Change-Id: I4081024cafa276617497091e00cbb6fbc21348b7
Signed-off-by: Seung-Woo Kim
---
 libthor/thor.c | 24 +++++++++++++++++++++++-
 libthor/thor_usb.c | 2 +-
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/libthor/thor.c b/libthor/thor.c
index 5a51727..0a98c6d 100644
--- a/libthor/thor.c
+++ b/libthor/thor.c
@@ -446,6 +446,8 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data,
 {
 off_t filesize;
 const char *filename;
+ const char *str_data[2] = { NULL, NULL };
+ int scnt;
 struct res_pkt resp;
 int32_t int_data[2];
 off_t trans_unit_size;
@@ -464,12 +466,32 @@ int thor_send_data(thor_device_handle *th, struct thor_data_src *data,
 int_data[0] = type;
 int_data[1] = filesize;
+ if (strlen(filename) <= 32) {
+ /*
+ * THOR protocol only allows file name at most 32 with
+ * [RQT_DL, RQT_DL_FILE_INFO] request in
+ * rqt_pkt.str_data[0].
+ */
+ scnt = 1;
+ str_data[0] = filename;
+ } else {
+ /*
+ * Exceptionally, ARTIK boards require 33 lenght dtb
+ * file name from artik u-boot by misusing wrong lthor
+ * rqt_pkt.str_data usage, so append additional string
+ * to rqt_pkt.str_data[1].
+ */
+ scnt = 2;
+ str_data[0] = filename;
+ str_data[1] = filename + 32;
+ }
+
 if (!th) continue;
 ret = t_thor_exec_cmd_full(th, RQT_DL, RQT_DL_FILE_INFO, int_data, ARRAY_SIZE(int_data),
- (char **)&filename, 1, &resp);
+ (char **)str_data, scnt, &resp);
 if (ret < 0) return ret;
diff --git a/libthor/thor_usb.c b/libthor/thor_usb.c
index fbb35aa..b43870b 100644
--- a/libthor/thor_usb.c
+++ b/libthor/thor_usb.c
@@ -555,7 +555,7 @@ int t_usb_send_req(struct thor_device_handle *th, request_type req_id,
 if (sdata) {
 for (i = 0; i < scnt; i++)
- strcpy(req.str_data[i],sdata[i]);
+ strncpy(req.str_data[i], sdata[i], 32);
 }
 ret = t_usb_send(th, (unsigned char *)&req, RQT_PKT_SIZE, DEFAULT_TIMEOUT);
--
cgit v1.2.3
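Review bot: The new `else` branch in `thor_send_data` puts no upper bound on the name length, so a filename longer than 64 characters is still sent: `str_data[1] = filename + 32` points at the whole remainder, and the 32-byte copy in `t_usb_send_req` silently cuts it, so the device receives a different name than the caller supplied. Rejecting oversized names before the request is built would make the failure visible, for example `if (strlen(filename) > 64) return -EINVAL;` (or whichever error code this library uses, which the hunk does not show). A remainder of exactly 32 bytes also fills `str_data[1]` with no terminating NUL; whether the packet is zeroed beyond that field is not visible here, so `>= 64` may be the safer limit. The two-slot path is taken for every device, not only the ARTIK boards the comment names, and the literal `32` would read better as a named constant shared with `thor_usb.c`. The function body starts and ends outside the hunk.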
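Review bot: `strncpy(req.str_data[i], sdata[i], 32)` stops the overflow but writes no terminating NUL when the source is 32 bytes or longer, so every caller of `t_usb_send_req`, not just the filename path, can now emit an unterminated string field. If that is intended for the two-slot ARTIK name, a comment should say so, e.g. `/* fixed 32-byte slots; a full slot is deliberately left without a NUL */`. The bound is better taken from the field itself, `strncpy(req.str_data[i], sdata[i], sizeof(req.str_data[i]));`, assuming `str_data` is declared as an array of fixed-size char arrays. The loop also trusts `scnt` and each `sdata[i]`; no check that `scnt` stays within the number of `str_data` slots, or that the pointers are non-NULL, is visible in this hunk. The function body starts and ends outside the hunk.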