From 241bf765ec0781a785befd9dfd0752e5d9acf1fa Mon Sep 17 00:00:00 2001
From: Gareth McMullin <gareth@blacksphere.co.nz>
Date: Tue, 22 May 2012 21:47:18 +1200
Subject: [PATCH] DFU: Protect bootloader sectors if needed.

Check address bounds on erase/set address.
---
 src/stm32/usbdfu.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/stm32/usbdfu.c b/src/stm32/usbdfu.c
index 535ce99..704be40 100644
--- a/src/stm32/usbdfu.c
+++ b/src/stm32/usbdfu.c
@@ -32,6 +32,8 @@
 #define CMD_SETADDR	0x21 
 #define CMD_ERASE	0x41 
 
+#define FLASH_OBP_WRP10 0x1FFFF808 
+
 /* We need a special large control buffer for this device: */
 u8 usbd_control_buffer[1024];
 
@@ -147,6 +149,11 @@ static void usbdfu_getstatus_complete(struct usb_setup_data *req)
 
 		flash_unlock();
 		if(prog.blocknum == 0) {
+			if ((*(u32*)(prog.buf+1) < 0x8002000) ||
+			    (*(u32*)(prog.buf+1) >= 0x8020000)) {
+				usbd_ep_stall_set(0, 1);
+				return;
+			}
 			switch(prog.buf[0]) {
 			case CMD_ERASE:
 				flash_erase_page(*(u32*)(prog.buf+1));
@@ -251,6 +258,11 @@ int main(void)
 		}
 	}
 
+	if ((FLASH_WRPR & 0x03) != 0x00) {
+		flash_unlock();
+		flash_program_option_bytes(FLASH_OBP_WRP10, 0x03FC);
+	}
+
 	rcc_clock_setup_in_hse_8mhz_out_72mhz();
 
 	rcc_peripheral_enable_clock(&RCC_APB1ENR, RCC_APB1ENR_USBEN);