vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix brainos from misapplied patches. Add improved password checking.

Browse source
This commit is contained in:
gord 1999-03-27 22:59:57 +00:00
parent d61ce9f2a4
commit 8a1b524d47
6 changed files with 92 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

24
ChangeLog
View file

@ -1,9 +1,29 @@
1999-03-27 Gordon Matzigkeit <gord@trick.fig.org> 1999-03-27 Gordon Matzigkeit <gord@trick.fig.org>
* grub/asmstub.c (checkkey): Fix unterminated comment.
* shared_src/char_io.c (grub_printf): Renamed from printf.
(grub_tolower): Renamed from tolower.
(grub_isspace): Renamed from isspace.
(grub_strncat): Renamed from strncat.
(grub_strstr): Renamed from strstr.
(grub_bcopy): Renamed from bcopy.
(grub_bzero): Renamed from bzero.
From Bradford Hovinen:
* shared_src/char_io.c (get_cmdline): Add new argument to hide
password entry.
(grub_strcmp): New function.
* shared_src/shared.h (get_cmdline): Fix declaration.
(grub_strcmp): Declare.
* shared_src/stage2.c (run_menu): Use get_cmdline with an
ECHO_CHAR of `*'. This protects against both brute-force and
sidelong-glance password cracking attempts.
* grub/main.c (usage): Display defaults for stage2 options. * grub/main.c (usage): Display defaults for stage2 options.
* grub/asmstub.c [NO_REMAPPING_LIBC_FUNCTIONS]: Rename to * grub/asmstub.c [WITHOUT_LIBC_STUBS]: Renamed from
WITHOUT_LIBC_STUBS. NO_REMAPPING_LIBC_FUNCTIONS.
* grub/main.c: Likewise. * grub/main.c: Likewise.
* shared_src/shared.h: Likewise. * shared_src/shared.h: Likewise.

6
grub/asmstub.c
View file

@ -143,7 +143,7 @@ grub_stage2 (void)
/* Close off the file descriptors we used. */ /* Close off the file descriptors we used. */
for (i = 0; i < NUM_DISKS; i ++) for (i = 0; i < NUM_DISKS; i ++)
if (disks[i].flags) if (disks[i].flags)
close ((FILE *) disks[i].flags); close (disks[i].flags);
/* Release memory. */ /* Release memory. */
free (disks); free (disks);
@ -356,7 +356,7 @@ checkkey (void)
ungetch (c); /* FIXME: ncurses-1.9.9g ungetch is buggy. */ ungetch (c); /* FIXME: ncurses-1.9.9g ungetch is buggy. */
return c; return c;
#else #else
/* Just pretend they hit the space bar. /* Just pretend they hit the space bar. */
return ' '; return ' ';
#endif #endif
} }
@ -501,7 +501,7 @@ biosdisk (int subfunc, int drive, struct geometry *geometry,
buf = (char *) (segment << 4); buf = (char *) (segment << 4);
/* FIXME: handle EINTR */ /* FIXME: handle EINTR */
if (read (fd, buf, nsec * SECTOR_SIZE, fp) != nsec * SECTOR_SIZE) if (read (fd, buf, nsec * SECTOR_SIZE) != nsec * SECTOR_SIZE)
return -1; return -1;
return 0; return 0;
} }

55
shared_src/char_io.c
View file

@ -80,7 +80,7 @@ convert_to_ascii (char *buf, int c,...)
void void
printf (char *format,...) grub_printf (char *format,...)
{ {
int *dataptr = (int *) &format; int *dataptr = (int *) &format;
char c, *ptr, str[16]; char c, *ptr, str[16];
@ -137,20 +137,24 @@ init_page (void)
at once. So, the whole screen is about 2000 characters, minus the at once. So, the whole screen is about 2000 characters, minus the
PROMPT, and space for error and status lines, etc. MAXLEN must be PROMPT, and space for error and status lines, etc. MAXLEN must be
at least 1, and PROMPT and CMDLINE must be valid strings (not NULL at least 1, and PROMPT and CMDLINE must be valid strings (not NULL
or zero-length). */ or zero-length).
If ECHO_CHAR is nonzero, echo it instead of the typed character. */
int int
get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen) get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen,
int echo_char)
{ {
int ystart, yend, xend, lpos, c; int ystart, yend, xend, lpos, c;
int plen = 0; int plen = 0;
int llen = 0; int llen = 0;
/* nested function definition for code simplicity */ /* nested function definition for code simplicity */
static void cl_print (char *str) static void cl_print (char *str, int echo_char)
{ {
while (*str != 0) while (*str != 0)
{ {
putchar (*(str++)); putchar (echo_char ? echo_char : *str);
str ++;
if (++xend > 78) if (++xend > 78)
{ {
xend = 0; xend = 0;
@ -180,8 +184,8 @@ get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen)
ystart = (getxy () & 0xff); ystart = (getxy () & 0xff);
yend = ystart; yend = ystart;
xend = 0; xend = 0;
cl_print (prompt); cl_print (prompt, 0);
cl_print (cmdline); cl_print (cmdline, echo_char);
cl_setcpos (); cl_setcpos ();
} }
@ -324,7 +328,7 @@ get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen)
cl_setcpos (); cl_setcpos ();
if (lpos != llen) if (lpos != llen)
{ {
cl_print (cmdline + lpos); cl_print (cmdline + lpos, echo_char);
cl_setcpos (); cl_setcpos ();
} }
} }
@ -348,7 +352,7 @@ get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen)
{ {
lpos = 0; lpos = 0;
cl_setcpos (); cl_setcpos ();
cl_print (cmdline); cl_print (cmdline, echo_char);
cl_setcpos (); cl_setcpos ();
} }
} }
@ -360,7 +364,7 @@ get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen)
{ {
cmdline[lpos] = c; cmdline[lpos] = c;
cmdline[lpos + 1] = 0; cmdline[lpos + 1] = 0;
cl_print (cmdline + lpos); cl_print (cmdline + lpos, echo_char);
lpos ++; lpos ++;
cl_setcpos (); cl_setcpos ();
} }
@ -371,7 +375,7 @@ get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen)
cmdline[i + 1] = cmdline[i]; cmdline[i + 1] = cmdline[i];
cmdline[lpos] = c; cmdline[lpos] = c;
cl_setcpos (); cl_setcpos ();
cl_print (cmdline + lpos); cl_print (cmdline + lpos, echo_char);
lpos++; lpos++;
cl_setcpos (); cl_setcpos ();
} }
@ -481,7 +485,7 @@ safe_parse_maxint (char **str_ptr, int *myint_ptr)
int int
tolower (int c) grub_tolower (int c)
{ {
if (c >= 'A' && c <= 'Z') if (c >= 'A' && c <= 'Z')
return (c + ('a' - 'A')); return (c + ('a' - 'A'));
@ -492,7 +496,7 @@ tolower (int c)
int int
isspace (int c) grub_isspace (int c)
{ {
if (c == ' ' || c == '\t' || c == '\n') if (c == ' ' || c == '\t' || c == '\n')
return 1; return 1;
@ -502,7 +506,7 @@ isspace (int c)
int int
strncat (char *s1, char *s2, int n) grub_strncat (char *s1, char *s2, int n)
{ {
int i = -1; int i = -1;
@ -521,6 +525,23 @@ strncat (char *s1, char *s2, int n)
} }
int
grub_strcmp (char *s1, char *s2)
{
while (*s1 || *s2)
{
if (*s1 < *s2)
return -1;
else if (*s1 > *s2)
return 1;
s1 ++;
s2 ++;
}
return 0;
}
int int
substring (char *s1, char *s2) substring (char *s1, char *s2)
{ {
@ -542,7 +563,7 @@ substring (char *s1, char *s2)
char * char *
strstr (char *s1, char *s2) grub_strstr (char *s1, char *s2)
{ {
char *ptr, *tmp; char *ptr, *tmp;
@ -586,7 +607,7 @@ memcheck (int start, int len)
int int
bcopy (char *from, char *to, int len) grub_bcopy (char *from, char *to, int len)
{ {
if (memcheck ((int) to, len)) if (memcheck ((int) to, len))
{ {
@ -614,7 +635,7 @@ bcopy (char *from, char *to, int len)
int int
bzero (char *start, int len) grub_bzero (char *start, int len)
{ {
if (memcheck ((int) start, len)) if (memcheck ((int) start, len))
{ {

2
shared_src/cmdline.c
View file

@ -224,7 +224,7 @@ returnit:
print_error(); print_error();
} }
if (run_cmdline && get_cmdline(PACKAGE "> ", commands, cur_heap, 2048)) if (run_cmdline && get_cmdline (PACKAGE "> ", commands, cur_heap, 2048, 0))
return 1; return 1;
if (substring("boot", cur_heap) == 0 || (script && !*cur_heap)) if (substring("boot", cur_heap) == 0 || (script && !*cur_heap))

5
shared_src/shared.h
View file

@ -212,6 +212,7 @@ extern char *grub_scratch_mem;
#define putchar grub_putchar #define putchar grub_putchar
#define strncat grub_strncat #define strncat grub_strncat
#define strstr grub_strstr #define strstr grub_strstr
#define strcmp grub_strcmp
#define tolower grub_tolower #define tolower grub_tolower
#endif /* WITHOUT_LIBC_STUBS */ #endif /* WITHOUT_LIBC_STUBS */
@ -454,12 +455,14 @@ int grub_strncat (char *s1, char *s2, int n);
int grub_bcopy (char *from, char *to, int len); int grub_bcopy (char *from, char *to, int len);
int grub_bzero (char *start, int len); int grub_bzero (char *start, int len);
char *grub_strstr (char *s1, char *s2); char *grub_strstr (char *s1, char *s2);
int grub_strcmp (char *s1, char *s2);
/* misc */ /* misc */
void init_page (void); void init_page (void);
void print_error (void); void print_error (void);
char *convert_to_ascii (char *buf, int c,...); char *convert_to_ascii (char *buf, int c,...);
int get_cmdline (char *prompt, char *commands, char *cmdline, int maxlen); int get_cmdline (char *prompt, char *commands, char *cmdline,
int maxlen, int echo_char);
int substring (char *s1, char *s2); int substring (char *s1, char *s2);
int get_based_digit (int c, int base); int get_based_digit (int c, int base);
int safe_parse_maxint (char **str_ptr, int *myint_ptr); int safe_parse_maxint (char **str_ptr, int *myint_ptr);

42
shared_src/stage2.c
View file

@ -314,24 +314,30 @@ restart:
if (c == 'p') if (c == 'p')
{ {
/* Do password check here! */ /* Do password check here! */
char *ptr = password; char entered[32];
gotoxy(2, 22); char *pptr = password;
printf("Entering password... ");
do gotoxy(1, 21);
get_cmdline (" Password: ", commands, entered, 31, '*');
while (! isspace (*pptr))
pptr ++;
if (! strcmp (password, entered))
{ {
if (isspace(*ptr)) char *new_file = config_file;
{ bzero (entered, sizeof (entered));
char *new_file = config_file; while (isspace (*pptr))
while (isspace(*ptr)) ptr++; pptr ++;
while ((*(new_file++) = *(ptr++)) != 0); while ((*(new_file ++) = *(pptr ++)) != 0);
return; return;
} }
c = ASCII_CHAR(getkey()); else
{
bzero (entered, sizeof (entered));
printf("Failed!\n Press any key to continue...");
getkey ();
goto restart;
} }
while (*(ptr++) == c);
printf("Failed!\n Press any key to continue...");
getkey();
goto restart;
} }
} }
else else
@ -379,8 +385,8 @@ restart:
saved_partition = install_partition; saved_partition = install_partition;
current_drive = 0xFF; current_drive = 0xFF;
if (!get_cmdline(PACKAGE " edit> ", commands, new_heap, if (! get_cmdline(PACKAGE " edit> ", commands, new_heap,
NEW_HEAPSIZE + 1)) NEW_HEAPSIZE + 1, 0))
{ {
int j = 0; int j = 0;