skip checking any ec update image that reports a length beyond our slice bounds

bunnie · bunnie · commit aea9b95506d5 · 2023-02-26T01:22:53.000+08:00
diff --git a/services/status/src/ecup.rs b/services/status/src/ecup.rs
@@ -202,7 +202,7 @@ pub(crate) fn ecupdate_thread(sid: xous::SID) {
                 // the semver *could* be bogus at this point, but we'll validate the package (which contains the semver) before we use it.
                 // however, this check is much less computationally expensive than the package validation.
                 let length = u32::from_le_bytes(package[0x28..0x2c].try_into().unwrap());
-                if length == 0xffff_ffff { // nothing was staged at all
+                if length > xous::EC_FW_PKG_LEN { // nothing was staged, or it is bogus (blank FLASH is 0xFFFF_FFFF "length")
                     xous::return_scalar(msg.sender, UpdateResult::PackageInvalid.to_usize().unwrap()).unwrap();
                     continue;
                 }

Original file line number	Diff line number	Diff line change
`@@ -202,7 +202,7 @@ pub(crate) fn ecupdate_thread(sid: xous::SID) {`
`202`	`202`	`// the semver could be bogus at this point, but we'll validate the package (which contains the semver) before we use it.`
`203`	`203`	`// however, this check is much less computationally expensive than the package validation.`
`204`	`204`	`let length = u32::from_le_bytes(package[0x28..0x2c].try_into().unwrap());`
`205`		`- if length == 0xffff_ffff { // nothing was staged at all`
	`205`	`+ if length > xous::EC_FW_PKG_LEN { // nothing was staged, or it is bogus (blank FLASH is 0xFFFF_FFFF "length")`
`206`	`206`	`xous::return_scalar(msg.sender, UpdateResult::PackageInvalid.to_usize().unwrap()).unwrap();`
`207`	`207`	`continue;`
`208`	`208`	`}`