From 50c4b6f441f7d63f3e992dbf34b8e47243443441 Mon Sep 17 00:00:00 2001
From: dhewg
Date: Fri, 17 Apr 2009 18:22:04 +0200
Subject: [PATCH] Check the uploaded ARM binary prior to executing.
---
 boot2.c | 8 +-------
 elf.h | 7 +++++++
 gecko.c | 15 +++++++++++++--
 3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/boot2.c b/boot2.c
index 9174638..bdfe5b2 100644
--- a/boot2.c
+++ b/boot2.c
@@ -22,6 +22,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
 #include "types.h"
+#include "elf.h"
 #include "nand.h"
 #include "memory.h"
 #include "crypto.h"
@@ -49,13 +50,6 @@ typedef struct {
 u32 padding[3];
 } boot2header;
-typedef struct {
- u32 hdrsize;
- u32 loadersize;
- u32 elfsize;
- u32 argument;
-} ioshdr;
-
 typedef struct {
 u64 signature;
 u32 generation;
diff --git a/elf.h b/elf.h
index 088cee7..f2c37c9 100644
--- a/elf.h
+++ b/elf.h
@@ -62,5 +62,12 @@ typedef struct {
 #define PT_SHLIB 5
 #define PT_PHDR 6
+typedef struct {
+ u32 hdrsize;
+ u32 loadersize;
+ u32 elfsize;
+ u32 argument;
+} ioshdr;
+
 #endif
diff --git a/gecko.c b/gecko.c
index 6bdcb1d..d38225a 100644
--- a/gecko.c
+++ b/gecko.c
@@ -29,6 +29,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #include "string.h"
 #include "utils.h"
 #include "hollywood.h"
+#include "elf.h"
 #include "powerpc.h"
 #include "powerpc_elf.h"
 #include "gecko.h"
@@ -343,11 +344,21 @@ void gecko_timer(void) {
 return;
 }
+ ioshdr *h;
+
 // done receiving, handle the command
 switch (_gecko_cmd) {
 case GECKO_CMD_BIN_ARM:
- // skip headerlen, which is stored at u32[0]
- ipc_enqueue_slow(IPC_DEV_SYS, IPC_SYS_JUMP, 1, ((u32 *) 0x0)[0]);
+ h = (ioshdr *) (u32 *) 0x0;
+
+ if (h->hdrsize != sizeof (ioshdr))
+ goto cleanup;
+
+ if (memcmp("\x7F" "ELF\x01\x02\x01",
+ (void *) (h->hdrsize + h->loadersize), 7))
+ goto cleanup;
+
+ ipc_enqueue_slow(IPC_DEV_SYS, IPC_SYS_JUMP, 1, h->hdrsize);
 break;
 case GECKO_CMD_BIN_PPC:
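Review bot: In the GECKO_CMD_BIN_ARM case of the last gecko.c hunk, `h->loadersize` is taken straight from the uploaded header and added to `h->hdrsize` to form the memcmp() address with no bound, so a malformed header makes the check itself read 7 bytes from an address the sender chooses, and a short upload lets it match whatever was previously left in memory at that offset. The received length is not visible in this hunk; assuming the receive path tracks it, the header should be rejected before the memcmp(), e.g. `if (received_len < sizeof (ioshdr) + 7 || h->loadersize > received_len - sizeof (ioshdr) - 7) goto cleanup;`, where `received_len` is a placeholder for that variable and not a name from this file. A comment such as `// ELF magic + EI_CLASS=32-bit, EI_DATA=big-endian, EI_VERSION=1; format sanity check only, not an authenticity check` above the literal would also document what the 7 bytes mean and what the check does not guarantee. gecko_timer's body and the `cleanup` label lie outside the hunk.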