View Issue Details

ID: 0000138
Project: easycwmp
Category: Help
View Status: public
Last Update: 2017-11-22 12:08
Reporter: superkid
Assigned To:
Priority: high
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: Openwrt
OS: Linux
OS Version: 3.10.14
Summary: 0000138: Firmware update continues even if file is incomplete
Description: When we update our devices using acs server and if acs server suddenly stopped, download will be incomplete but firmware update continues and it destroys our devices. Do you have hash code checks before updating the device? Please help.
Tags: No tags attached.

Activities

mohamed.kallel

2016-05-27 09:51

administrator   ~0000479

We do not have code that checks the validity of the firmware. I think that is the job of the update command.
But I think you can use an md5 checksum check of the OpenWRT firmware before calling sysupgrade. I think the luci page does that before calling the sysupgrade command. I think that you can develop a check function that calculates the firmware checksum and then compares it to the firmware checksum.
Please keep me updated with your advancement and please share your check function if you are going to develop it.

superkid

2016-05-30 05:50

reporter   ~0000480

But you are checking if the downloaded file matches the correct file size and if it doesn't, you will download it again before proceeding to firmware update, right? I just don't understand why it continues to update even if the file is incomplete.

mohamed.kallel

2016-05-30 10:16

administrator   ~0000481

Could you please provide your traffic capture and your firmware?

superkid

2016-06-17 09:32

reporter   ~0000485

I fixed it by comparing the file size before continuing the update:

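 # Report a download fault instead of flashing when the file is shorter than expected
 if [ "$dl_size" -lt "$size_check" ]; then
        let fault_code=9000+$E_DOWNLOAD_FAILURE
        common_json_output_fault "" "$fault_code"
 else
        # Quote the path so it is passed to sysupgrade as a single argument
        /sbin/sysupgrade "$DOWNLOAD_FILE"
 fi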

hmh

2017-11-22 12:08

reporter   ~0000827

The current lack of proper size checking on the downloaded file before one hands the data to "sysupgrade" is one MAJOR issue in the easycwmp scripts. Fixing it would improve the safety of firmware upgrade operations a great deal...

One can trivially get sysupgrade images with internal checksums in LEDE by enabling the image metadata mode (this is even the default on a few LEDE targets already), but the file format is going to FAIL to detect truncation unless you activate "require metadata" mode for the platform, which breaks backwards compatibility (older images, or images from other openwrt clones/forks won't have been generated with the checksum trailer).

And the underlying platform-specific flash upgrade routines that "sysupgrade" calls are not always good enough to have their own embedded checksums *or* check them, to put it mildly. So, depending on the platform you target, you can get a misflash on truncated files, instead of a clean rejection.
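
A fail-closed pre-flash check along the lines discussed in this thread, as an added example that is not easycwmp's or any poster's code: it requires an exact size match and a matching SHA-256 digest before anything is handed to sysupgrade. The function names, the return codes, the SYSUPGRADE override and the availability of an expected digest (the thread does not say the ACS supplies one) are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded image before it reaches sysupgrade.
# Return codes are hypothetical, chosen for this example:
#   0 ok, 1 file missing or empty, 2 size mismatch, 3 digest mismatch, 4 bad arguments

verify_firmware() {
    vf_file=$1 vf_size=$2 vf_sha256=$3

    # Fail closed: a well-formed SHA-256 digest (64 hex characters) is mandatory.
    case "$vf_sha256" in
        ""|*[!0-9a-fA-F]*) return 4 ;;
    esac
    [ "${#vf_sha256}" -eq 64 ] || return 4
    case "$vf_size" in
        *[!0-9]*) return 4 ;;
    esac

    [ -s "$vf_file" ] || return 1

    # Exact match rather than "less than": an oversized file is as suspect as a
    # truncated one. An empty or zero size means "unknown"; the digest still applies.
    if [ -n "$vf_size" ] && [ "$vf_size" -ne 0 ]; then
        vf_actual_size=$(( $(wc -c < "$vf_file") ))
        [ "$vf_actual_size" -eq "$vf_size" ] || return 2
    fi

    # Compare digests case-insensitively by lowercasing the expected value.
    vf_actual=$(sha256sum "$vf_file" | cut -d' ' -f1)
    vf_expected=$(printf '%s' "$vf_sha256" | tr 'A-F' 'a-f')
    [ "$vf_actual" = "$vf_expected" ] || return 3
    return 0
}

# Flash only a verified image. SYSUPGRADE is an assumed override so the
# function can be exercised off-device; it defaults to the real command.
flash_if_valid() {
    verify_firmware "$1" "$2" "$3" || return $?
    "${SYSUPGRADE:-/sbin/sysupgrade}" "$1"
}

# In an upgrade script the caller would run, with values it already holds:
#   flash_if_valid "$DOWNLOAD_FILE" "$expected_size" "$expected_sha256"
# and report a download fault when the return code is non-zero.
```
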

Issue History

Date Modified Username Field Change
2016-05-27 09:34 superkid New Issue
2016-05-27 09:51 mohamed.kallel Note Added: 0000479
2016-05-30 05:50 superkid Note Added: 0000480
2016-05-30 10:16 mohamed.kallel Note Added: 0000481
2016-06-17 09:32 superkid Note Added: 0000485
2017-11-22 12:08 hmh Note Added: 0000827