verifiers: Add possibility to verify kernel and modules command lines

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2017-02-07 02:10:14 +01:00 · 2017-02-07 02:10:14 +01:00 · 4d4a8c96e3
commit 4d4a8c96e3
parent 75a919e334
18 changed files with 136 additions and 37 deletions
--- a/grub-core/loader/arm/linux.c
+++ b/grub-core/loader/arm/linux.c
@ -28,6 +28,7 @@
 #include <grub/cpu/linux.h>
 #include <grub/lib/cmdline.h>
 #include <grub/linux.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -383,8 +384,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

  /* Create kernel command line.  */
  grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv,
-			      linux_args + sizeof (LINUX_IMAGE) - 1, size);
+  err = grub_create_loader_cmdline (argc, argv,
+				    linux_args + sizeof (LINUX_IMAGE) - 1, size,
+				    GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    goto fail;

  return GRUB_ERR_NONE;

--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@ -32,6 +32,7 @@
 #include <grub/efi/pe32.h>
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -339,9 +340,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
      goto fail;
    }
  grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv,
-			      linux_args + sizeof (LINUX_IMAGE) - 1,
-			      cmdline_size);
+  err = grub_create_loader_cmdline (argc, argv,
+				    linux_args + sizeof (LINUX_IMAGE) - 1,
+				    cmdline_size,
+				    GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    goto fail;

  if (grub_errno == GRUB_ERR_NONE)
    {
--- a/grub-core/loader/i386/bsd.c
+++ b/grub-core/loader/i386/bsd.c
@ -35,6 +35,7 @@
 #include <grub/ns8250.h>
 #include <grub/bsdlabel.h>
 #include <grub/crypto.h>
+#include <grub/verify.h>
 #ifdef GRUB_MACHINE_PCBIOS
 #include <grub/machine/int.h>
 #endif
@ -416,6 +417,8 @@ grub_freebsd_add_meta_module (const char *filename, const char *type,
 			      grub_addr_t addr, grub_uint32_t size)
 {
  const char *name;
+  grub_err_t err;
+
  name = grub_strrchr (filename, '/');
  if (name)
    name++;
@ -469,6 +472,9 @@ grub_freebsd_add_meta_module (const char *filename, const char *type,
 	      *(p++) = ' ';
 	    }
 	  *p = 0;
+	  err = grub_verify_string (cmdline, GRUB_VERIFY_MODULE_CMDLINE);
+	  if (err)
+	    return err;
 	}
    }

--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@ -969,11 +969,17 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
  if (!linux_cmdline)
    goto fail;
  grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv,
-			      linux_cmdline
-			      + sizeof (LINUX_IMAGE) - 1,
-			      maximal_cmdline_size
-			      - (sizeof (LINUX_IMAGE) - 1));
+  {
+    grub_err_t err;
+    err = grub_create_loader_cmdline (argc, argv,
+				      linux_cmdline
+				      + sizeof (LINUX_IMAGE) - 1,
+				      maximal_cmdline_size
+				      - (sizeof (LINUX_IMAGE) - 1),
+				      GRUB_VERIFY_KERNEL_CMDLINE);
+    if (err)
+      goto fail;
+  }

  len = prot_file_size;
  if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@ -673,10 +673,8 @@ grub_multiboot_init_mbi (int argc, char *argv[])
    return grub_errno;
  cmdline_size = len;

-  grub_create_loader_cmdline (argc, argv, cmdline,
-			      cmdline_size);
-
-  return GRUB_ERR_NONE;
+  return grub_create_loader_cmdline (argc, argv, cmdline,
+				     cmdline_size, GRUB_VERIFY_KERNEL_CMDLINE);
 }

 grub_err_t
@ -685,6 +683,7 @@ grub_multiboot_add_module (grub_addr_t start, grub_size_t size,
 {
  struct module *newmod;
  grub_size_t len = 0;
+  grub_err_t err;

  newmod = grub_malloc (sizeof (*newmod));
  if (!newmod)
@ -704,8 +703,13 @@ grub_multiboot_add_module (grub_addr_t start, grub_size_t size,
  newmod->cmdline_size = len;
  total_modcmd += ALIGN_UP (len, 4);

-  grub_create_loader_cmdline (argc, argv, newmod->cmdline,
-			      newmod->cmdline_size);
+  err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
+				    newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE);
+  if (err)
+    {
+      grub_free (newmod);
+      return grub_errno;
+    }

  if (modules_last)
    modules_last->next = newmod;
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@ -334,11 +334,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
  /* Create kernel command line.  */
  grub_memcpy ((char *)grub_linux_real_chunk + GRUB_LINUX_CL_OFFSET,
 		LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv,
-			      (char *)grub_linux_real_chunk
-			      + GRUB_LINUX_CL_OFFSET + sizeof (LINUX_IMAGE) - 1,
-			      maximal_cmdline_size
-			      - (sizeof (LINUX_IMAGE) - 1));
+  err = grub_create_loader_cmdline (argc, argv,
+				    (char *)grub_linux_real_chunk
+				    + GRUB_LINUX_CL_OFFSET + sizeof (LINUX_IMAGE) - 1,
+				    maximal_cmdline_size
+				    - (sizeof (LINUX_IMAGE) - 1),
+				    GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    goto fail;

  if (grub_linux_is_bzimage)
    grub_linux_prot_target = GRUB_LINUX_BZIMAGE_ADDR;
--- a/grub-core/loader/i386/pc/plan9.c
+++ b/grub-core/loader/i386/pc/plan9.c
@ -33,6 +33,7 @@
 #include <grub/mm.h>
 #include <grub/cpu/relocator.h>
 #include <grub/extcmd.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -505,6 +506,7 @@ grub_cmd_plan9 (grub_extcmd_context_t ctxt, int argc, char *argv[])
  configptr = grub_stpcpy (configptr, "bootfile=");
  configptr = grub_stpcpy (configptr, bootpath);
  *configptr++ = '\n';
+  char *cmdline = configptr;
  {
    int i;
    for (i = 1; i < argc; i++)
@ -513,6 +515,15 @@ grub_cmd_plan9 (grub_extcmd_context_t ctxt, int argc, char *argv[])
 	*configptr++ = '\n';
      }
  }
+
+  {
+    grub_err_t err;
+    *configptr = '\0';
+    err = grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE);
+    if (err)
+      goto fail;
+  }
+
  configptr = grub_stpcpy (configptr, fill_ctx.pmap);

  {
--- a/grub-core/loader/i386/xen.c
+++ b/grub-core/loader/i386/xen.c
@ -40,6 +40,7 @@
 #include <grub/xen_file.h>
 #include <grub/linux.h>
 #include <grub/i386/memory.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -647,6 +648,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
  grub_create_loader_cmdline (argc - 1, argv + 1,
 			      (char *) xen_state.next_start.cmd_line,
 			      sizeof (xen_state.next_start.cmd_line) - 1);
+  err = grub_verify_string (xen_state.next_start.cmd_line, GRUB_VERIFY_MODULE_CMDLINE);
+  if (err)
+    return err;

  file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL);
  if (!file)
@ -908,6 +912,9 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),

  grub_create_loader_cmdline (argc - 1, argv + 1,
 			      get_virtual_current_address (ch), cmdline_len);
+  err = grub_verify_string (get_virtual_current_address (ch), GRUB_VERIFY_MODULE_CMDLINE);
+  if (err)
+    goto fail;

  xen_state.module_info_page[xen_state.n_modules].cmdline =
    xen_state.max_addr - xen_state.modules_target_start;
--- a/grub-core/loader/ia64/efi/linux.c
+++ b/grub-core/loader/ia64/efi/linux.c
@ -33,6 +33,7 @@
 #include <grub/i18n.h>
 #include <grub/env.h>
 #include <grub/linux.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -501,6 +502,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
      p = grub_stpcpy (p, argv[i]);
    }
  cmdline[10] = '=';
+
+  *p = '\0';
+
+  err = grub_verify_string (cmdline, GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    goto fail;
  
  boot_param->command_line = (grub_uint64_t) cmdline;
  boot_param->efi_systab = (grub_uint64_t) grub_efi_system_table;
--- a/grub-core/loader/mips/linux.c
+++ b/grub-core/loader/mips/linux.c
@ -327,6 +327,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
  linux_argv++;
  linux_args += ALIGN_UP (sizeof ("a0"), 4);

+  char *params = linux_args;
+
 #ifdef GRUB_MACHINE_MIPS_LOONGSON
  {
    unsigned mtype = grub_arch_machine;
@ -352,6 +354,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
      linux_args += ALIGN_UP (grub_strlen (argv[i]) + 1, 4);
    }

+  *linux_args = '\0';
+
+  err = grub_verify_string (params, GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    return err;
+
  /* Reserve space for rd arguments.  */
  rd_addr_arg_off = (grub_uint8_t *) linux_args - (grub_uint8_t *) playground;
  linux_args += ALIGN_UP (sizeof ("rd_start=0xXXXXXXXXXXXXXXXX"), 4);
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@ -1038,10 +1038,8 @@ grub_multiboot2_init_mbi (int argc, char *argv[])
    return grub_errno;
  cmdline_size = len;

-  grub_create_loader_cmdline (argc, argv, cmdline,
-			      cmdline_size);
-
-  return GRUB_ERR_NONE;
+  return grub_create_loader_cmdline (argc, argv, cmdline, cmdline_size,
+				     GRUB_VERIFY_KERNEL_CMDLINE);
 }

 grub_err_t
@ -1050,6 +1048,7 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
 {
  struct module *newmod;
  grub_size_t len = 0;
+  grub_err_t err;

  newmod = grub_malloc (sizeof (*newmod));
  if (!newmod)
@ -1068,8 +1067,10 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
  newmod->cmdline_size = len;
  total_modcmd += ALIGN_UP (len, MULTIBOOT_TAG_ALIGN);

-  grub_create_loader_cmdline (argc, argv, newmod->cmdline,
-			      newmod->cmdline_size);
+  err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
+				    newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE);
+  if (err)
+    return err;

  if (modules_last)
    modules_last->next = newmod;
--- a/grub-core/loader/powerpc/ieee1275/linux.c
+++ b/grub-core/loader/powerpc/ieee1275/linux.c
@ -302,8 +302,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

  /* Create kernel command line.  */
  grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1,
-			      size);
+  if (grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1,
+				  size))
+    goto out;

 out:

--- a/grub-core/loader/sparc64/ieee1275/linux.c
+++ b/grub-core/loader/sparc64/ieee1275/linux.c
@ -340,8 +340,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

  /* Create kernel command line.  */
  grub_memcpy (linux_args, LINUX_IMAGE, sizeof (LINUX_IMAGE));
-  grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1,
-			      size);
+  if (grub_create_loader_cmdline (argc, argv, linux_args + sizeof (LINUX_IMAGE) - 1,
+				  size, GRUB_VERIFY_KERNEL_CMDLINE))
+    goto out;

 out:
  if (elf)
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@ -33,6 +33,7 @@
 #include <grub/extcmd.h>
 #include <grub/env.h>
 #include <grub/i18n.h>
+#include <grub/verify.h>

 GRUB_MOD_LICENSE ("GPLv3+");

@ -425,6 +426,10 @@ grub_cmd_xnu_kernel (grub_command_t cmd __attribute__ ((unused)),
  if (ptr != grub_xnu_cmdline)
    *(ptr - 1) = 0;

+  err = grub_verify_string (grub_xnu_cmdline, GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    return err;
+
 #if defined (__i386) && !defined (GRUB_MACHINE_EFI)
  err = grub_efiemu_autocore ();
  if (err)
@ -534,6 +539,10 @@ grub_cmd_xnu_kernel64 (grub_command_t cmd __attribute__ ((unused)),
  if (ptr != grub_xnu_cmdline)
    *(ptr - 1) = 0;

+  err = grub_verify_string (grub_xnu_cmdline, GRUB_VERIFY_KERNEL_CMDLINE);
+  if (err)
+    return err;
+
 #if defined (__i386) && !defined (GRUB_MACHINE_EFI)
  err = grub_efiemu_autocore ();
  if (err)