From b5163e0dbed5fbeb23b9ffa872489c54731c4c3b Mon Sep 17 00:00:00 2001 From: Michael Gernoth Date: Sun, 1 Feb 2009 15:56:07 +0100 Subject: [PATCH 1/1] better corruption check by calculating the number of fill bytes --- extract.c | 32 ++++++++++++++++++++++++++++---- firmware.c | 25 +++++++------------------ 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/extract.c b/extract.c index 1f9c4dd..b420899 100644 --- a/extract.c +++ b/extract.c @@ -15,6 +15,7 @@ struct file_entry* get_next_file(unsigned char *fw, int len) { static unsigned char *pos; + static unsigned char *start; static unsigned char *end; static struct file_entry fent; int name_length; @@ -25,6 +26,7 @@ struct file_entry* get_next_file(unsigned char *fw, int len) #if 0 printf("Start of filesystem: 0x%08x\n", *((unsigned int*)pos)); #endif + start = fw; pos = fw + *((unsigned int*)pos); end = fw + len; } @@ -32,6 +34,28 @@ struct file_entry* get_next_file(unsigned char *fw, int len) fent.unknown = *pos; pos++; + if (fent.unknown == 0x00) { + /* EOF */ + int fill = (4 - ((pos - start) % 4)) % 4; + int i; + + for (i = 0; i < fill; i++) { + if (*pos != 0xff) { + fprintf(stderr, "Wrong fill byte after EOF: 0x%02x, aborting!\n", *pos); + exit(1); + } + pos++; + } + + if (pos != end) { + fprintf(stderr, "EOF marker not at end-of-file %p <-> %p, aborting!\n", pos, end); + exit(1); + } + + return NULL; + } + + name_length = *((unsigned int*)pos); pos += 4; @@ -40,10 +64,10 @@ struct file_entry* get_next_file(unsigned char *fw, int len) if ((fent.length > (end - pos)) || (name_length > (end - pos))) { -#if 0 - printf("EOF reached\n"); -#endif - return NULL; + printf("EOF reached without hitting EOF marker, aborting " + "(unknown: 0x%02x, namelen: 0x%08x, contentlen: 0x%08x!\n", + fent.unknown, name_length, fent.length); + exit(1); } fent.name = (char*)pos; diff --git a/firmware.c b/firmware.c index 6056111..aeef48c 100644 --- a/firmware.c +++ b/firmware.c @@ -345,22 +345,17 @@ int check_crc(unsigned char *fw, int len) return ret; } -int check_image(unsigned char *fw, int len) +void check_image(unsigned char *fw, int len) { struct file_entry *fent; char *last_name = NULL; + /* get_next_file will abort on error */ fent = get_next_file(fw, len); while (fent != NULL) { last_name = fent->name; fent = get_next_file(NULL, 0); } - - if (strcmp(last_name, "pdata")) { - return 1; - } - - return 0; } int main(int argc, char **argv) @@ -451,15 +446,12 @@ int main(int argc, char **argv) exit(1); } - if (check_image(fw, statbuf.st_size-4) != 0) { - fprintf(stderr, "corrupt firmware image found (pdata is not last entry), aborting!\n"); - exit(1); - } + check_image(fw, statbuf.st_size - 4); if (patch_fw) { struct propaction *cpaction = paction; - change_properties(fw, statbuf.st_size, paction); + change_properties(fw, statbuf.st_size - 4, paction); printf("\nProperty change results:\n"); while(cpaction != NULL) { @@ -483,12 +475,12 @@ int main(int argc, char **argv) } if (patch_bd) { - handle_boarddescription(fw, statbuf.st_size -4, 1); + handle_boarddescription(fw, statbuf.st_size - 4, 1); } if (showall) { show_properties(fw, statbuf.st_size - 4); - handle_boarddescription(fw, statbuf.st_size -4, 0); + handle_boarddescription(fw, statbuf.st_size - 4, 0); } if (extract) { @@ -501,10 +493,7 @@ int main(int argc, char **argv) *((unsigned int*)(fw + statbuf.st_size - 4)) = crc; } - if (check_image(fw, statbuf.st_size-4) != 0) { - fprintf(stderr, "corrupt firmware image found (pdata is not last entry), aborting!\n"); - exit(1); - } + check_image(fw, statbuf.st_size-4); if (check_crc(fw, statbuf.st_size) == 0) { char *newfile; -- 2.39.5