AU: Check the delta magic and fail on mismatch.
This patch also fixes an issue where update_engine may keep the rootfs/kernel
file handles open when it fails to apply an update and the delta performer is
closed prematurely.
BUG=7645
TEST=unit tests, tested on device
Change-Id: If5706e0f5dd69fb728d97fc35c83f25cba144c4d
Review URL: http://codereview.chromium.org/5121008
diff --git a/delta_performer.cc b/delta_performer.cc
index e14ad4e..a5b7a72 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc
@@ -146,10 +146,6 @@
}
int DeltaPerformer::Close() {
- if (!buffer_.empty()) {
- LOG(ERROR) << "Called Close() while buffer not empty!";
- return -1;
- }
int err = 0;
if (close(kernel_fd_) == -1) {
err = errno;
@@ -160,8 +156,14 @@
PLOG(ERROR) << "Unable to close rootfs fd:";
}
LOG_IF(ERROR, !hash_calculator_.Finalize()) << "Unable to finalize the hash.";
- fd_ = -2; // Set so that isn't not valid AND calls to Open() will fail.
+ fd_ = -2; // Set to invalid so that calls to Open() will fail.
path_ = "";
+ if (!buffer_.empty()) {
+ LOG(ERROR) << "Called Close() while buffer not empty!";
+ if (err >= 0) {
+ err = 1;
+ }
+ }
return -err;
}
@@ -201,12 +203,15 @@
buffer_.insert(buffer_.end(), c_bytes, c_bytes + count);
if (!manifest_valid_) {
- // See if we have enough bytes for the manifest yet
if (buffer_.size() < strlen(kDeltaMagic) +
kDeltaVersionLength + kDeltaProtobufLengthLength) {
- // Don't have enough bytes to even know the protobuf length
+ // Don't have enough bytes to know the protobuf length.
return count;
}
+ if (memcmp(buffer_.data(), kDeltaMagic, strlen(kDeltaMagic)) != 0) {
+ LOG(ERROR) << "Bad payload format -- invalid delta magic.";
+ return -EINVAL;
+ }
uint64_t protobuf_length;
COMPILE_ASSERT(sizeof(protobuf_length) == kDeltaProtobufLengthLength,
protobuf_length_size_mismatch);