diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 488bc6bc8..9da5b10a5 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 /* Max digits for a char is 3 (0xFF is 255), similarly for an int it is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -941,26 +942,29 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
 if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
 return grub_errno;
- for (i = 0; i < argv.argc; i++) {
- cmdlen += grub_strlen (argv.args[i]) + 1;
- }
+ for (i = 0; i < argv.argc; i++)
+ {
+ cmdlen += grub_strlen (argv.args[i]) + 1;
+ }
 cmdstring = grub_malloc (cmdlen);
 if (!cmdstring)
- {
- return grub_error (GRUB_ERR_OUT_OF_MEMORY,
- N_("cannot allocate command buffer"));
- }
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate command buffer"));
+ }
- for (i = 0; i < argv.argc; i++) {
- offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
- argv.args[i]);
- }
- cmdstring[cmdlen-1]= '\0';
+ for (i = 0; i < argv.argc; i++)
+ {
+ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+ argv.args[i]);
+ }
+ cmdstring[cmdlen - 1] = '\0';
 grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR, "grub_cmd", cmdstring);
 grub_print_error();
- grub_free(cmdstring);
+ grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
+ grub_free (cmdstring);
 invert = 0;
 argc = argv.argc - 1;
 args = argv.args + 1;
@@ -1185,4 +1189,3 @@ grub_script_execute (struct grub_script *script)
 return grub_script_execute_cmd (script->cmd);
 }
-
diff --git a/include/grub/verify.h b/include/grub/verify.h
index 3d8f3e1a4..ea0491433 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -34,6 +34,7 @@ enum grub_verify_string_type
 {
 GRUB_VERIFY_KERNEL_CMDLINE,
 GRUB_VERIFY_MODULE_CMDLINE,
+ GRUB_VERIFY_COMMAND,
 };
 struct grub_file_verifier
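Review bot: The result of the new `grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);` call in grub_script_execute_cmdline is discarded, so a verifier that rejects the command cannot stop it from running. Because the call sits after `grub_print_error();`, any error it sets is also not reported at this point. Assuming grub_verify_string returns a grub_err_t (its prototype is not visible in this diff), keep the result and bail out once the buffer is freed: `err = grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);`, `grub_free (cmdstring);`, `if (err) return err;`. The function starts and ends outside the hunk, so the early return also needs whatever cleanup the rest of the function performs for `argv`.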
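Review bot: `GRUB_VERIFY_COMMAND` is added to the enum without a comment saying what string a verifier receives for it. The caller in execute.c builds that string by joining the expanded arguments with `"%s "`, so argument boundaries are lost and an argument containing a space looks the same as two arguments. I would document that on the enumerator, e.g. `/* Expanded script command: argv joined by single spaces; quoting is not preserved. */`. Verifiers whose string hook handles only the two cmdline types are not visible here and presumably need an explicit decision on how to treat the new type.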