authorVadim Bendebury <vbendeb@google.com>2023-03-07 13:28:12 -0800
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2023-03-07 22:46:39 +0000
commit8b6ac106ba968bb3321e0fae98be00b29156232a (patch)
tree0b83546e586fc745c4d8a3b3aec4e8af19470793
parent84267aafea80423ed40024006e0a05a7acc03fc9 (diff)
upgrade_fw: do not accept headers smaller than a flash page
Headers smaller than a flash page are not valid; let's not accept them during firmware updates. BUG=b:272058500 TEST=using dd corrupted an existing image header size field to be set to 0x400, and tried to download the image using gsctool and observed the expected error message on the Cr50 console: fw_upgrade_command_handler:505 image at 4000 too small and in the host terminal: Error: status 0xb Change-Id: I27b0bbd6a1204b20bd2d0ac1ce88082ed911d339 Signed-off-by: Vadim Bendebury <vbendeb@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4316741 Tested-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
-rw-r--r--chip/g/upgrade_fw.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c
index 0615f2e034..03f346275e 100644
--- a/chip/g/upgrade_fw.c
+++ b/chip/g/upgrade_fw.c
@@ -500,6 +500,12 @@ void fw_upgrade_command_handler(void *body,
struct SignedHeader *header;
header = (struct SignedHeader *) upgrade_data;
+ if (header->image_size < CONFIG_FLASH_BANK_SIZE) {
+ *error_code = UPGRADE_TRUNCATED_HEADER_ERROR;
+ CPRINTF("%s:%d image at %x too small\n",
+ __func__, __LINE__, block_offset);
+ return;
+ }
/*
* Set the top bit of the size field. It will be impossible to
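Review bot: The new guard on `header->image_size` bounds the field only from below and compares the raw value received from the host, so an oversized value passes `header->image_size < CONFIG_FLASH_BANK_SIZE` unchanged. The comment that follows says the top bit of the size field is set afterwards, so a header arriving with that bit already set would also pass. The hunk also does not show the received block length being compared with `sizeof(struct SignedHeader)` before the field is read through the cast pointer. If both conditions are validated earlier in fw_upgrade_command_handler, whose body starts and ends outside this hunk, a short comment above the check would make that clear, for example `/* image_size comes from the host; upper bound and block length are validated above. */`. Reusing `UPGRADE_TRUNCATED_HEADER_ERROR` for a size-field check may also be worth a word in that comment, since the header itself is not truncated in this case.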