--- /dev/null
+From dba95dcd3739c604a81ffa2df2545e7a4cd430cf Mon Sep 17 00:00:00 2001
+From: Maksim Salau <msalau@iotecha.com>
+Date: Wed, 25 Oct 2017 16:17:14 +0300
+Subject: [PATCH] Fix SHA256 hash verification
+
+If a CPIO archive is not valid or copying fails due to any reason,
+an error message is printed, but update process continues.
+The change makes the utility fail in case of read errors or
+hash verification errors.
+
+Signed-off-by: Maksim Salau <msalau@iotecha.com>
+Acked-by: Stefano Babic <sbabic@denx.de>
+---
+ core/cpio_utils.c | 28 +++++++++++++++++++++-------
+ corelib/installer.c | 11 +++++++++--
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/core/cpio_utils.c b/core/cpio_utils.c
+index e962fae..de674ec 100644
+--- a/core/cpio_utils.c
++++ b/core/cpio_utils.c
+@@ -414,24 +414,34 @@ int extract_img_from_cpio(int fd, unsigned long offset, struct filehdr *fdh)
+ off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
+ int encrypted, unsigned char *hash)
+ {
++ int ret;
+ struct filehdr fdh;
+ uint32_t checksum = 0;
+ unsigned long offset = start;
+
+- if (lseek(fd, offset, SEEK_SET) < 0) {
++ ret = lseek(fd, offset, SEEK_SET);
++ if (ret < 0) {
+ ERROR("CPIO file corrupted : %s\n",
+ strerror(errno));
+- return -1;
++ return ret;
+ }
+
+- if (extract_cpio_header(fd, &fdh, &offset)) {
++ ret = extract_cpio_header(fd, &fdh, &offset);
++ if (ret) {
+ ERROR("CPIO Header wrong\n");
++ return ret;
+ }
+
+- if (lseek(fd, offset, SEEK_SET) < 0)
++ ret = lseek(fd, offset, SEEK_SET);
++ if (ret < 0) {
+ ERROR("CPIO file corrupted : %s\n", strerror(errno));
+- if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, compressed, &checksum, hash, encrypted, NULL) < 0) {
++ return ret;
++ }
++
++ ret = copyfile(fd, &fdout, fdh.size, &offset, 0, 0, compressed, &checksum, hash, encrypted, NULL);
++ if (ret < 0) {
+ ERROR("Error copying extracted file\n");
++ return ret;
+ }
+
+ TRACE("Copied file:\n\tfilename %s\n\tsize %u\n\tchecksum 0x%lx %s\n",
+@@ -440,9 +450,11 @@ off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
+ (unsigned long)checksum,
+ (checksum == fdh.chksum) ? "VERIFIED" : "WRONG");
+
+- if (checksum != fdh.chksum)
++ if (checksum != fdh.chksum) {
+ ERROR("Checksum WRONG ! Computed 0x%lx, it should be 0x%lx\n",
+ (unsigned long)checksum, fdh.chksum);
++ return -EINVAL;
++ }
+
+ return offset;
+ }
+@@ -492,8 +504,10 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start)
+
+ /* Next header must be 4-bytes aligned */
+ offset += NPAD_BYTES(offset);
+- if (lseek(fd, offset, SEEK_SET) < 0)
++ if (lseek(fd, offset, SEEK_SET) < 0) {
+ ERROR("CPIO file corrupted : %s\n", strerror(errno));
++ return -1;
++ }
+ }
+
+ return 0;
+diff --git a/corelib/installer.c b/corelib/installer.c
+index 592ada8..d2dee28 100644
+--- a/corelib/installer.c
++++ b/corelib/installer.c
+@@ -154,6 +154,7 @@ static int extract_script(int fd, struct imglist *head, const char *dest)
+ {
+ struct img_type *script;
+ int fdout;
++ int ret = 0;
+
+ LIST_FOREACH(script, head, next) {
+ if (script->provided == 0) {
+@@ -166,9 +167,15 @@ static int extract_script(int fd, struct imglist *head, const char *dest)
+ dest, script->fname);
+
+ fdout = openfileoutput(script->extract_file);
+- extract_next_file(fd, fdout, script->offset, 0,
+- script->is_encrypted, script->sha256);
++ if (fdout < 0)
++ return fdout;
++
++ ret = extract_next_file(fd, fdout, script->offset, 0,
++ script->is_encrypted, script->sha256);
+ close(fdout);
++
++ if (ret < 0)
++ return ret;
+ }
+ return 0;
+ }
+--
+2.7.4
+
projects / buildroot.git / commitdiff