author | Harald Hoyer <harald@redhat.com> | 2015-02-01 11:49:09 +0100 |
---|---|---|
committer | Harald Hoyer <harald@redhat.com> | 2015-02-01 11:53:39 +0100 |
commit | 120629b3d2e2fe40fea1a6d3965f91bb74fd605e (patch) | |
tree | 5fd1991bbb0cbd3fdf01ae08677f15ceb3bb3f88 | |
parent | a96f5ab77000f5f492025f69ebb919a393125202 (diff) |
End the cmdline string with a 0
The cmdline string was passed to the kernel without an ending 0, so it
would read past the cmdline memory.
-rw-r--r-- | src/efi/linux.c | 8 | ||||
-rw-r--r-- | src/efi/linux.h | 3 | ||||
-rw-r--r-- | src/efi/stub.c | 10 |
3 files changed, 14 insertions, 7 deletions
diff --git a/src/efi/linux.c b/src/efi/linux.c
index 26c5877..809c693 100644
--- a/src/efi/linux.c
+++ b/src/efi/linux.c
@@ -84,7 +84,8 @@ static inline VOID linux_efi_handover(EFI_HANDLE image, struct SetupHeader *setu
 #endif
 EFI_STATUS linux_exec(EFI_HANDLE *image,
- CHAR8 *cmdline, UINTN linux_addr,
+ CHAR8 *cmdline, UINTN cmdline_len,
+ UINTN linux_addr,
 UINTN initrd_addr, UINTN initrd_size) {
 struct SetupHeader *image_setup;
 struct SetupHeader *boot_setup;
@@ -113,10 +114,11 @@ EFI_STATUS linux_exec(EFI_HANDLE *image,
 if (cmdline) {
 addr = 0xA0000;
 err = uefi_call_wrapper(BS->AllocatePages, 4, AllocateMaxAddress, EfiLoaderData,
- EFI_SIZE_TO_PAGES(strlena(cmdline) + 1), &addr);
+ EFI_SIZE_TO_PAGES(cmdline_len + 1), &addr);
 if (EFI_ERROR(err))
 return err;
- CopyMem((VOID *)(UINTN)addr, cmdline, strlena(cmdline) + 1);
+ CopyMem((VOID *)(UINTN)addr, cmdline, cmdline_len);
+ ((CHAR8 *)addr)[cmdline_len] = 0;
 boot_setup->cmd_line_ptr = (UINT32)addr;
 }
diff --git a/src/efi/linux.h b/src/efi/linux.h
index 020c728..e5d4f5a 100644
--- a/src/efi/linux.h
+++ b/src/efi/linux.h
@@ -18,6 +18,7 @@
 #define __GUMMIBOOT_kernel_H
 EFI_STATUS linux_exec(EFI_HANDLE *image,
- CHAR8 *cmdline, UINTN linux_addr,
+ CHAR8 *cmdline, UINTN cmdline_size,
+ UINTN linux_addr,
 UINTN initrd_addr, UINTN initrd_size);
 #endif
diff --git a/src/efi/stub.c b/src/efi/stub.c
index 51d215f..e18faac 100644
--- a/src/efi/stub.c
+++ b/src/efi/stub.c
@@ -42,6 +42,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 UINTN offs[ELEMENTSOF(sections)-1] = {};
 UINTN szs[ELEMENTSOF(sections)-1] = {};
 CHAR8 *cmdline = NULL;
+ UINTN cmdline_len;
 EFI_STATUS err;
 InitializeLib(image, sys_table);
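Review bot: In the second hunk of src/efi/linux.c the new terminator store casts `addr` straight to a pointer, while the `CopyMem` call on the line above goes through `(UINTN)` first. `addr` is declared outside the hunk; if it is a 64-bit `EFI_PHYSICAL_ADDRESS`, the direct cast is an integer-to-pointer conversion of mismatched width on 32-bit builds. Writing it as `((CHAR8 *)(UINTN)addr)[cmdline_len] = 0;` keeps the two accesses consistent. A short comment such as `/* cmdline may not be 0-terminated; terminate the copy ourselves */` would also record why the allocation is one byte larger than the copy. linux_exec's body continues outside the hunk.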
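Review bot: The prototype in src/efi/linux.h names the new parameter `cmdline_size`, but the definition in src/efi/linux.c calls it `cmdline_len` and treats it as the byte count before the terminator (it allocates `cmdline_len + 1` and writes the 0 at index `cmdline_len`). A caller reading only the header could reasonably pass a size that already includes the terminator, which would put a stray 0 one byte further out than intended. Renaming it to `UINTN cmdline_len,` and adding a one-line comment like `/* cmdline_len: bytes in cmdline, excluding any terminating 0 */` above the prototype would make the contract explicit.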
@@ -79,6 +80,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 if (szs[0] > 0)
 cmdline = (CHAR8 *)(loaded_image->ImageBase + addrs[0]);
+ cmdline_len = szs[0];
+
 /* if we are not in secure boot mode, accept a custom command line and replace the built-in one */
 if (!secure && loaded_image->LoadOptionsSize > 0) {
 CHAR16 *options;
@@ -86,13 +89,14 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 UINTN i;
 options = (CHAR16 *)loaded_image->LoadOptions;
- line = AllocatePool((loaded_image->LoadOptionsSize / sizeof(CHAR16)) * sizeof(CHAR8));
- for (i = 0; i < loaded_image->LoadOptionsSize; i++)
+ cmdline_len = (loaded_image->LoadOptionsSize / sizeof(CHAR16)) * sizeof(CHAR8);
+ line = AllocatePool(cmdline_len);
+ for (i = 0; i < cmdline_len; i++)
 line[i] = options[i];
 cmdline = line;
 }
- err = linux_exec(image, cmdline,
+ err = linux_exec(image, cmdline, cmdline_len,
 (UINTN)loaded_image->ImageBase + addrs[1],
 (UINTN)loaded_image->ImageBase + addrs[2], szs[2]); |
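Review bot: In the last hunk of src/efi/stub.c the result of `AllocatePool(cmdline_len)` is written through by the copy loop without a NULL check, so a failed allocation becomes a write through a null pointer on the path that handles caller-supplied load options. Adding `if (!line) return EFI_OUT_OF_RESOURCES;` right after the allocation would close that. The loop also narrows each `CHAR16` to `CHAR8` via `line[i] = options[i];`, so any character above 0xff is silently reduced to its low byte; a comment stating that only ASCII/Latin-1 input is expected, or an explicit range check, would make the intent clear. efi_main continues outside the hunk.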