From e1f1691f3f8184b39bf8f699ed7a2427311bff1b Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 2 May 2007 00:25:02 +0000 Subject: Fetch the filesize initially and compare it. In addition we compare MD5 to be absolutely sure. --- etc/rc.initial.firmware_update | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'etc/rc.initial.firmware_update') diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update index 7e300ae..c666ff7 100755 --- a/etc/rc.initial.firmware_update +++ b/etc/rc.initial.firmware_update @@ -40,12 +40,24 @@ switch ($command) { die; $status = does_url_exist($url); if($status) { + echo "\nFetching file size...\n"; + $file_size = exec("fetch -s \"$url\""); + $file_size = trim($file_size, "\r"); + echo "\nFile size: $file_size\n"; echo "\nFetching file...\n"; - exec("fetch -w15 -a -v -o /tmp/firmware.tgz \"$url\""); + exec("fetch -1 -w15 -a -v -o /tmp/firmware.tgz \"$url\""); + if($file_size <> filesize("/tmp/firmware.tgz")) { + echo "\nFile size mismatch. Upgrade cancelled.\n\n"; + die; + } + if(!file_exists("/tmp/firmware.tgz")) { + echo "Something went wrong during file transfer. Exiting.\n\n"; + die; + } $status = does_url_exist("$url.md5"); if($status) { echo "\nFetching MD5...\n"; - exec("fetch -w15 -a -v -o /tmp/firmware.tgz.md5 \"$url.md5\""); + exec("fetch -1 -w15 -a -v -o /tmp/firmware.tgz.md5 \"$url.md5\""); } else { echo "\n\nWARNING.\n"; echo "\nCould not locate a MD5 file. We cannot verify the download once its done.\n\n"; @@ -54,9 +66,9 @@ switch ($command) { if(file_exists("/tmp/firmware.tgz.md5")) { $source_md5 = trim(`cat /tmp/firmware.tgz.md5 | awk '{ print \$4 }'`,"\r"); $file_md5 = trim(`md5 /tmp/firmware.tgz | awk '{ print \$4 }'`,"\r"); + echo "URL MD5: $source_md5\n"; + echo "Downloaded file MD5: $file_md5\n"; if($source_md5 <> $file_md5) { - echo "\nURL MD5: $source_md5"; - echo "\nDownloaded file MD5: $file_md5"; echo "\n\nMD5 checksum does not match. Cancelling upgrade.\n\n"; die -1; } -- cgit v1.1