commit 934bb411c431ed901ece20b815073adeb0846902
author Darin Petkov <petkov@chromium.org> Thu Nov 18 11:21:35 2010 -0800
committer Darin Petkov <petkov@chromium.org> Thu Nov 18 11:21:35 2010 -0800
tree 6d0bf1626d08afbbada5a10920607d5e393b3373
parent 9c096d6691414d32dee22e083ac8e2e8d24b0880

AU: Check the delta magic and fail on mismatch.

This patch also fixes an issue where update_engine may keep the rootfs/kernel
file handles open when it fails to apply an update and the delta performer is
closed prematurely.

BUG=7645
TEST=unit tests, tested on device

Change-Id: If5706e0f5dd69fb728d97fc35c83f25cba144c4d

Review URL: http://codereview.chromium.org/5121008

delta_performer.cc

diff --git a/delta_performer.cc b/delta_performer.cc
index e14ad4e..a5b7a72 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc
@@ -146,10 +146,6 @@
 }
 
 int DeltaPerformer::Close() {
-  if (!buffer_.empty()) {
-    LOG(ERROR) << "Called Close() while buffer not empty!";
-    return -1;
-  }
   int err = 0;
   if (close(kernel_fd_) == -1) {
     err = errno;
@@ -160,8 +156,14 @@
     PLOG(ERROR) << "Unable to close rootfs fd:";
   }
   LOG_IF(ERROR, !hash_calculator_.Finalize()) << "Unable to finalize the hash.";
-  fd_ = -2;  // Set so that isn't not valid AND calls to Open() will fail.
+  fd_ = -2;  // Set to invalid so that calls to Open() will fail.
   path_ = "";
+  if (!buffer_.empty()) {
+    LOG(ERROR) << "Called Close() while buffer not empty!";
+    if (err >= 0) {
+      err = 1;
+    }
+  }
   return -err;
 }
 
@@ -201,12 +203,15 @@
   buffer_.insert(buffer_.end(), c_bytes, c_bytes + count);
 
   if (!manifest_valid_) {
-    // See if we have enough bytes for the manifest yet
     if (buffer_.size() < strlen(kDeltaMagic) +
         kDeltaVersionLength + kDeltaProtobufLengthLength) {
-      // Don't have enough bytes to even know the protobuf length
+      // Don't have enough bytes to know the protobuf length.
       return count;
     }
+    if (memcmp(buffer_.data(), kDeltaMagic, strlen(kDeltaMagic)) != 0) {
+      LOG(ERROR) << "Bad payload format -- invalid delta magic.";
+      return -EINVAL;
+    }
     uint64_t protobuf_length;
     COMPILE_ASSERT(sizeof(protobuf_length) == kDeltaProtobufLengthLength,
                    protobuf_length_size_mismatch);

delta_performer_unittest.cc

diff --git a/delta_performer_unittest.cc b/delta_performer_unittest.cc
index 37a0c68..42f237b 100755
--- a/delta_performer_unittest.cc
+++ b/delta_performer_unittest.cc
@@ -367,6 +367,17 @@
   DoSmallImageTest(false, false, true);
 }
 
+TEST(DeltaPerformerTest, BadDeltaMagicTest) {
+  PrefsMock prefs;
+  DeltaPerformer performer(&prefs);
+  EXPECT_EQ(0, performer.Open("/dev/null", 0, 0));
+  EXPECT_TRUE(performer.OpenKernel("/dev/null"));
+  EXPECT_EQ(4, performer.Write("junk", 4));
+  EXPECT_EQ(8, performer.Write("morejunk", 8));
+  EXPECT_LT(performer.Write("morejunk", 8), 0);
+  EXPECT_LT(performer.Close(), 0);
+}
+
 TEST(DeltaPerformerTest, IsIdempotentOperationTest) {
   DeltaArchiveManifest_InstallOperation op;
   EXPECT_TRUE(DeltaPerformer::IsIdempotentOperation(op));