From 4ae6cce2a565f84cae93ed6c3fec96155c4f902d Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Fri, 28 Jan 2022 16:31:47 +0530
Subject: [PATCH] esp_https_ota: add check for image descriptor magic in relevant API
---
 components/esp_https_ota/src/esp_https_ota.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/components/esp_https_ota/src/esp_https_ota.c b/components/esp_https_ota/src/esp_https_ota.c
index 830ba19f6f..68c3efc4ef 100644
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -336,18 +336,26 @@ esp_err_t esp_https_ota_get_img_desc(esp_https_ota_handle_t https_ota_handle, es
 }
 if (handle->state < ESP_HTTPS_OTA_BEGIN) {
 ESP_LOGE(TAG, "esp_https_ota_read_img_desc: Invalid state");
- return ESP_FAIL;
+ return ESP_ERR_INVALID_STATE;
 }
 if (read_header(handle) != ESP_OK) {
 return ESP_FAIL;
 }
- memcpy(new_app_info, &handle->ota_upgrade_buf[sizeof(esp_image_header_t) + sizeof(esp_image_segment_header_t)], sizeof(esp_app_desc_t));
+
+ const int app_desc_offset = sizeof(esp_image_header_t) + sizeof(esp_image_segment_header_t);
+ esp_app_desc_t *app_info = (esp_app_desc_t *) &handle->ota_upgrade_buf[app_desc_offset];
+ if (app_info->magic_word != ESP_APP_DESC_MAGIC_WORD) {
+ ESP_LOGE(TAG, "Incorrect app descriptor magic");
+ return ESP_FAIL;
+ }
+
+ memcpy(new_app_info, app_info, sizeof(esp_app_desc_t));
 return ESP_OK;
 }
 
-static esp_err_t esp_ota_verify_chip_id(void *arg)
+static esp_err_t esp_ota_verify_chip_id(const void *arg)
 {
- esp_image_header_t *data = (esp_image_header_t*)(arg);
+ esp_image_header_t *data = (esp_image_header_t *)(arg);
 if (data->chip_id != CONFIG_IDF_FIRMWARE_CHIP_ID) {
 ESP_LOGE(TAG, "Mismatch chip id, expected %d, found %d", CONFIG_IDF_FIRMWARE_CHIP_ID, data->chip_id);
 return ESP_ERR_INVALID_VERSION;
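Review bot: The new `app_info->magic_word` read and the `memcpy` after it assume that `read_header()` has already buffered at least `app_desc_offset + sizeof(esp_app_desc_t)` bytes in `handle->ota_upgrade_buf`; nothing in this hunk shows or checks that, so I would state it next to the cast, e.g. `/* read_header() guarantees the buffer holds the full app descriptor */`, or add an explicit length check if it does not. The magic word is only a format sanity check on bytes fetched from the server, so the API documentation should say the returned descriptor fields are not authenticated at this point (presumably image verification happens later, outside this hunk). In `esp_ota_verify_chip_id` the parameter became `const void *` but the cast drops the qualifier again; `const esp_image_header_t *data = (const esp_image_header_t *)arg;` keeps it. `app_desc_offset` would be better declared `const size_t`, since it holds a sum of `sizeof` values and is used as an array index. `esp_https_ota_get_img_desc` starts before the hunk and `esp_ota_verify_chip_id` continues past it.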