[PATCH] booti: sanity check image magic before parsing header

mail archive of the barebox mailing list
 help / color / mirror / Atom feed

* [PATCH] booti: sanity check image magic before parsing header
@ 2025-01-16 14:08 Ahmad Fatoum
  2025-01-16 14:16 ` Ahmad Fatoum
  0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2025-01-16 14:08 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

booti_load_image is called directly for kernels in FIT images.
Let's have a simple check that the payload is indeed a booti
image before parsing it.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 common/booti.c     | 11 +++++++++--
 common/filetype.c  |  6 +++---
 include/filetype.h | 11 +++++++++++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/common/booti.c b/common/booti.c
index e745ff696376..4c2033b7de0e 100644
--- a/common/booti.c
+++ b/common/booti.c
@@ -4,6 +4,7 @@
 #define pr_fmt(fmt) "booti: " fmt
 
 #include <common.h>
+#include <filetype.h>
 #include <memory.h>
 #include <bootm.h>
 #include <linux/sizes.h>
@@ -38,13 +39,19 @@ void *booti_load_image(struct image_data *data, phys_addr_t *oftree)
 	int ret;
 	void *fdt;
 
+	print_hex_dump_bytes("header ", DUMP_PREFIX_OFFSET, kernel_header, 80);
+
+	if ((IS_ENABLED(CONFIG_RISCV) && !is_riscv_linux_bootimage(kernel_header)) ||
+	    (IS_ENABLED(CONFIG_ARM64) && !is_arm64_linux_bootimage(kernel_header))) {
+		pr_err("Unexpected magic at offset 0x38!\n");
+		return ERR_PTR(-EINVAL);
+	}
+
 	text_offset = le64_to_cpup(kernel_header + 8);
 	image_size = le64_to_cpup(kernel_header + 16);
 
 	kernel = get_kernel_address(data->os_address, text_offset);
 
-	print_hex_dump_bytes("header ", DUMP_PREFIX_OFFSET,
-			     kernel_header, 80);
 	pr_debug("Kernel to be loaded to %lx+%lx\n", kernel, image_size);
 
 	if (kernel == UIMAGE_INVALID_ADDRESS)
diff --git a/common/filetype.c b/common/filetype.c
index 73ea17e19bd7..2a68879ee5de 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -365,11 +365,11 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
 	if (bufsize < 64)
 		return filetype_unknown;
 
-	if (le32_to_cpu(buf[14]) == 0x644d5241)
+	if (is_arm64_linux_bootimage(buf))
 		return is_dos_exe(buf8) ? filetype_arm64_efi_linux_image : filetype_arm64_linux_image;
-	if (le32_to_cpu(buf[14]) == 0x05435352)
+	if (is_riscv_linux_bootimage(buf))
 		return is_dos_exe(buf8) ? filetype_riscv_efi_linux_image : filetype_riscv_linux_image;
-	if (le32_to_cpu(buf[14]) == 0x56435352 && !memcmp(&buf[12], "barebox", 8))
+	if (is_riscv_linux_bootimage(buf) && !memcmp(&buf[12], "barebox", 8))
 		return filetype_riscv_barebox_image;
 
 	if (le32_to_cpu(buf[5]) == 0x504d5453)
diff --git a/include/filetype.h b/include/filetype.h
index c24d061e8ffa..d445140edba1 100644
--- a/include/filetype.h
+++ b/include/filetype.h
@@ -4,6 +4,7 @@
 
 #include <linux/string.h>
 #include <linux/types.h>
+#include <asm/byteorder.h>
 
 /*
  * List of file types we know
@@ -134,4 +135,14 @@ static inline int is_barebox_head(const char *head)
 	return is_barebox_arm_head(head) || is_barebox_mips_head(head);
 }
 
+static inline bool is_arm64_linux_bootimage(const void *header)
+{
+	return le32_to_cpup(header + 56) == 0x644d5241;
+}
+
+static inline bool is_riscv_linux_bootimage(const void *header)
+{
+	return le32_to_cpup(header + 56) == 0x05435352;
+}
+
 #endif /* __FILE_TYPE_H */
-- 
2.39.5




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] booti: sanity check image magic before parsing header
  2025-01-16 14:08 [PATCH] booti: sanity check image magic before parsing header Ahmad Fatoum
@ 2025-01-16 14:16 ` Ahmad Fatoum
  0 siblings, 0 replies; 2+ messages in thread
From: Ahmad Fatoum @ 2025-01-16 14:16 UTC (permalink / raw)
  To: barebox

On 16.01.25 15:08, Ahmad Fatoum wrote:
> booti_load_image is called directly for kernels in FIT images.
> Let's have a simple check that the payload is indeed a booti
> image before parsing it.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

filetype.h is also included from imx-image leading to warning there.
I will fix this in v2.

> ---
>  common/booti.c     | 11 +++++++++--
>  common/filetype.c  |  6 +++---
>  include/filetype.h | 11 +++++++++++
>  3 files changed, 23 insertions(+), 5 deletions(-)
> 
> diff --git a/common/booti.c b/common/booti.c
> index e745ff696376..4c2033b7de0e 100644
> --- a/common/booti.c
> +++ b/common/booti.c
> @@ -4,6 +4,7 @@
>  #define pr_fmt(fmt) "booti: " fmt
>  
>  #include <common.h>
> +#include <filetype.h>
>  #include <memory.h>
>  #include <bootm.h>
>  #include <linux/sizes.h>
> @@ -38,13 +39,19 @@ void *booti_load_image(struct image_data *data, phys_addr_t *oftree)
>  	int ret;
>  	void *fdt;
>  
> +	print_hex_dump_bytes("header ", DUMP_PREFIX_OFFSET, kernel_header, 80);
> +
> +	if ((IS_ENABLED(CONFIG_RISCV) && !is_riscv_linux_bootimage(kernel_header)) ||
> +	    (IS_ENABLED(CONFIG_ARM64) && !is_arm64_linux_bootimage(kernel_header))) {
> +		pr_err("Unexpected magic at offset 0x38!\n");
> +		return ERR_PTR(-EINVAL);
> +	}
> +
>  	text_offset = le64_to_cpup(kernel_header + 8);
>  	image_size = le64_to_cpup(kernel_header + 16);
>  
>  	kernel = get_kernel_address(data->os_address, text_offset);
>  
> -	print_hex_dump_bytes("header ", DUMP_PREFIX_OFFSET,
> -			     kernel_header, 80);
>  	pr_debug("Kernel to be loaded to %lx+%lx\n", kernel, image_size);
>  
>  	if (kernel == UIMAGE_INVALID_ADDRESS)
> diff --git a/common/filetype.c b/common/filetype.c
> index 73ea17e19bd7..2a68879ee5de 100644
> --- a/common/filetype.c
> +++ b/common/filetype.c
> @@ -365,11 +365,11 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
>  	if (bufsize < 64)
>  		return filetype_unknown;
>  
> -	if (le32_to_cpu(buf[14]) == 0x644d5241)
> +	if (is_arm64_linux_bootimage(buf))
>  		return is_dos_exe(buf8) ? filetype_arm64_efi_linux_image : filetype_arm64_linux_image;
> -	if (le32_to_cpu(buf[14]) == 0x05435352)
> +	if (is_riscv_linux_bootimage(buf))
>  		return is_dos_exe(buf8) ? filetype_riscv_efi_linux_image : filetype_riscv_linux_image;
> -	if (le32_to_cpu(buf[14]) == 0x56435352 && !memcmp(&buf[12], "barebox", 8))
> +	if (is_riscv_linux_bootimage(buf) && !memcmp(&buf[12], "barebox", 8))
>  		return filetype_riscv_barebox_image;
>  
>  	if (le32_to_cpu(buf[5]) == 0x504d5453)
> diff --git a/include/filetype.h b/include/filetype.h
> index c24d061e8ffa..d445140edba1 100644
> --- a/include/filetype.h
> +++ b/include/filetype.h
> @@ -4,6 +4,7 @@
>  
>  #include <linux/string.h>
>  #include <linux/types.h>
> +#include <asm/byteorder.h>
>  
>  /*
>   * List of file types we know
> @@ -134,4 +135,14 @@ static inline int is_barebox_head(const char *head)
>  	return is_barebox_arm_head(head) || is_barebox_mips_head(head);
>  }
>  
> +static inline bool is_arm64_linux_bootimage(const void *header)
> +{
> +	return le32_to_cpup(header + 56) == 0x644d5241;
> +}
> +
> +static inline bool is_riscv_linux_bootimage(const void *header)
> +{
> +	return le32_to_cpup(header + 56) == 0x05435352;
> +}
> +
>  #endif /* __FILE_TYPE_H */


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-01-16 14:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-16 14:08 [PATCH] booti: sanity check image magic before parsing header Ahmad Fatoum
2025-01-16 14:16 ` Ahmad Fatoum

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox