diff options
author | Michael Brown | 2023-02-13 21:40:42 +0100 |
---|---|---|
committer | Michael Brown | 2023-02-14 12:13:45 +0100 |
commit | 76a286530a8b5bdbab81c3851b851dea2da32114 (patch) | |
tree | dbdd17ee66f496fa89dbf8ae0854b6031474b9ed /src/core/image.c | |
parent | [rng] Check for several functioning RTC interrupts (diff) | |
download | ipxe-76a286530a8b5bdbab81c3851b851dea2da32114.tar.gz ipxe-76a286530a8b5bdbab81c3851b851dea2da32114.tar.xz ipxe-76a286530a8b5bdbab81c3851b851dea2da32114.zip |
[image] Check delimiters when parsing command-line key-value arguments
The Linux kernel bzImage image format and the CPIO archive constructor
will parse the image command line for certain arguments of the form
"key=value". This parsing is currently implemented using strstr() in
a way that can cause a false positive suffix match. For example, a
command line containing "highmem=<n>" would erroneously be treated as
containing a value for "mem=<n>".
Fix by centralising the logic used for parsing such arguments, and
including a check that the argument immediately follows a whitespace
delimiter (or is at the start of the string).
Reported-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/core/image.c')
-rw-r--r-- | src/core/image.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/core/image.c b/src/core/image.c index 3e236ca6..f6d3d8dd 100644 --- a/src/core/image.c +++ b/src/core/image.c @@ -27,6 +27,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <string.h> #include <stdlib.h> #include <stdio.h> +#include <ctype.h> #include <errno.h> #include <assert.h> #include <libgen.h> @@ -569,3 +570,33 @@ struct image * image_memory ( const char *name, userptr_t data, size_t len ) { err_alloc_image: return NULL; } + +/** + * Find argument within image command line + * + * @v image Image + * @v key Argument search key (including trailing delimiter) + * @ret value Argument value, or NULL if not found + */ +const char * image_argument ( struct image *image, const char *key ) { + const char *cmdline = image->cmdline; + const char *search; + const char *match; + const char *next; + + /* Find argument */ + for ( search = cmdline ; search ; search = next ) { + + /* Find next occurrence, if any */ + match = strstr ( search, key ); + if ( ! match ) + break; + next = ( match + strlen ( key ) ); + + /* Check preceding delimiter, if any */ + if ( ( match == cmdline ) || isspace ( match[-1] ) ) + return next; + } + + return NULL; +} |