[OpenWrt-Devel] [PATCH procd] system: reject sysupgrade of invalid firmware images by default

Rafał Miłecki zajec5 at gmail.com
Tue Sep 3 08:01:12 EDT 2019 

From: Rafał Miłecki <rafal at milecki.pl>

This validation step can be bypassed by passing "force" argument. This
is very similar to the /sbin/sysupgrade behavior and --force.

Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
 system.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/system.c b/system.c
index 896a103..38a8799 100644
--- a/system.c
+++ b/system.c
@@ -490,6 +490,7 @@ static int validate_firmware_image(struct ubus_context *ctx,
 
 enum {
 	SYSUPGRADE_PATH,
+	SYSUPGRADE_FORCE,
 	SYSUPGRADE_PREFIX,
 	SYSUPGRADE_COMMAND,
 	SYSUPGRADE_OPTIONS,
@@ -498,6 +499,7 @@ enum {
 
 static const struct blobmsg_policy sysupgrade_policy[__SYSUPGRADE_MAX] = {
 	[SYSUPGRADE_PATH] = { .name = "path", .type = BLOBMSG_TYPE_STRING },
+	[SYSUPGRADE_FORCE] = { .name = "force", .type = BLOBMSG_TYPE_BOOL },
 	[SYSUPGRADE_PREFIX] = { .name = "prefix", .type = BLOBMSG_TYPE_STRING },
 	[SYSUPGRADE_COMMAND] = { .name = "command", .type = BLOBMSG_TYPE_STRING },
 	[SYSUPGRADE_OPTIONS] = { .name = "options", .type = BLOBMSG_TYPE_TABLE },
@@ -535,9 +537,15 @@ static int sysupgrade(struct ubus_context *ctx, struct ubus_object *obj,
 	valid = validation[VALIDATION_VALID] && blobmsg_get_bool(validation[VALIDATION_VALID]);
 	forceable = validation[VALIDATION_FORCEABLE] && blobmsg_get_bool(validation[VALIDATION_FORCEABLE]);
 
-	if (!valid && !forceable) {
-		fprintf(stderr, "Firmware image is broken and cannot be installed\n");
-		return UBUS_STATUS_NOT_SUPPORTED;
+	if (!valid) {
+		if (!forceable) {
+			fprintf(stderr, "Firmware image is broken and cannot be installed\n");
+			return UBUS_STATUS_NOT_SUPPORTED;
+		}
+		if (!tb[SYSUPGRADE_FORCE] || !blobmsg_get_bool(tb[SYSUPGRADE_FORCE])) {
+			fprintf(stderr, "Firmware image is invalid\n");
+			return UBUS_STATUS_NOT_SUPPORTED;
+		}
 	}
 
 	sysupgrade_exec_upgraded(blobmsg_get_string(tb[SYSUPGRADE_PREFIX]),
-- 
2.21.0


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list