From d7c50f76aa8a6110c0d7f9c10a10e6a6001b035e Mon Sep 17 00:00:00 2001 From: David Baka Date: Wed, 27 Mar 2024 14:07:29 +0100 Subject: [PATCH] Updater - fixed signature verification for compressed binaries (#9109) Previously, Arduino Core attempted to read from flash memory without proper consideration for the 4-byte alignment requirement when calculating the hash for the signature verification. This did not present an issue when uncompressed binaries are checked as all compiled binaries are 4-aligned (unconfirmed, just an educated guess), and signature verification appears to work well in these cases. When uploading a compressed binary (based on this) the gzip algorithm makes no attempt to produce a 4-aligned file. The rest of the signing results in a valid signed binary regardless, however when calculating the hash for the verification process there is a ~75% chance that the hash will include some bytes from the signature, thus compromising the whole signature verification process. editorial note: ESP.flashRead for u8 arrays (aka byte arrays) was already updated to properly handle both aligned and unaligned target buffer and / or length, while u32 expects that its arguments are already aligned. Since array pointer in Updater is already aligned, this properly handles unaligned size case. --- cores/esp8266/Updater.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index b4961b616..ef79a5cbf 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -284,7 +284,7 @@ bool UpdaterClass::end(bool evenIfRemaining){ _hash->begin(); for (uint32_t offset = 0; offset < binSize; offset += sizeof(buff)) { auto len = std::min(sizeof(buff), binSize - offset); - ESP.flashRead(_startAddress + offset, reinterpret_cast(&buff[0]), len); + ESP.flashRead(_startAddress + offset, buff, len); _hash->add(buff, len); } _hash->end();
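Review bot: the return value of `ESP.flashRead` is still discarded in the loop, so a failed or short read leaves stale bytes in `buff` that get fed to `_hash->add(buff, len)`, and `end()` then verifies a digest of data that was never actually read from flash. Since this path is the security check that gates the update, suggest checking the result and aborting the verification on failure, e.g. `if (!ESP.flashRead(_startAddress + offset, buff, len)) { _setError(...); return false; }` (or whatever the class's existing error path is). Two smaller points: the declaration of `buff` is outside the hunk, so please confirm it is a `uint8_t` array so that passing `buff` directly selects the byte overload that tolerates an unaligned `len` (the whole fix depends on that overload resolution, and a `uint32_t` buffer would silently pick the word overload again); and the commit message's claim that uncompressed binaries are always 4-byte aligned is marked as an educated guess, so it would be worth a one-line comment above the loop stating that the final chunk may be unaligned and that the byte overload is used deliberately, so a future cleanup does not reintroduce the cast.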