scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-25 02:35:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

signer scripts: break kernel parameters on spaces rather than word boundaries

Browse Source 
The current kernel parameter parsing logic uses word boundaries (\b) to
keep from replacing parameters inside of other parameters (like "level=1"
mangling "loglevel=1" into "log"), but this fails when the last character
isn't a "word" character.  e.g. "\bconsole=\b" doesn't match "console=".

Change the \b to a space.  Since we're already using spaces as our split
marker, this shouldn't be a problem.

BRANCH=None
BUG=chrome-os-partner:12780
BUG=chromium-os:33868
TEST=ran `ensure_secure_kernelparams.sh` on an image with 'console=' and saw it work

Change-Id: Id69250179ea76aabfed9cd21c1c59483d78a215d
Reviewed-on: https://gerrit.chromium.org/gerrit/31356
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
This commit is contained in:
Mike Frysinger
2012-08-24 14:28:50 -04:00
committed by Gerrit
parent 513be212d9
commit 16de2c7bae
1 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
scripts/image_signing/ensure_secure_kernelparams.sh
View File

@@ -130,8 +130,12 @@ main() {
echo "Expected: ${required_dmparams[@]}" echo "Expected: ${required_dmparams[@]}"
fi fi
# A byte that should not appear in the command line to use as a sed
# marker when doing regular expression replacements.
M=$'\001'
# Ensure all other required params are present. # Ensure all other required params are present.
for param in ${required_kparams[@]}; do for param in "${required_kparams[@]}"; do
if [[ "$kparams_nodm" != *$param* ]]; then if [[ "$kparams_nodm" != *$param* ]]; then
echo "Kernel parameters missing required value: $param" echo "Kernel parameters missing required value: $param"
testfail=1 testfail=1
@@ -139,25 +143,29 @@ main() {
# Remove matched params as we go. If all goes well, kparams_nodm # Remove matched params as we go. If all goes well, kparams_nodm
# will be nothing left but whitespace by the end. # will be nothing left but whitespace by the end.
param=$(escape_regexmetas "$param") param=$(escape_regexmetas "$param")
kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") kparams_nodm=$(echo " ${kparams_nodm} " |
sed "s${M} ${param} ${M} ${M}")
fi fi
done done
# Check-off each of the allowed-but-optional params that were present. # Check-off each of the allowed-but-optional params that were present.
for param in ${optional_kparams[@]}; do for param in "${optional_kparams[@]}"; do
param=$(escape_regexmetas "$param") param=$(escape_regexmetas "$param")
kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") kparams_nodm=$(echo " ${kparams_nodm} " |
sed "s${M} ${param} ${M} ${M}")
done done
# Check-off each of the allowed-but-optional params that were present. # Check-off each of the allowed-but-optional params that were present.
for param in ${optional_kparams_regex[@]}; do for param in "${optional_kparams_regex[@]}"; do
kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") kparams_nodm=$(echo " ${kparams_nodm} " |
sed "s${M} ${param} ${M} ${M}")
done done
# This section enforces the default-deny for any unexpected params # This section enforces the default-deny for any unexpected params
# not already processed by one of the above loops. # not already processed by one of the above loops.
if [[ ! -z ${kparams_nodm// /} ]]; then if [[ ! -z ${kparams_nodm// /} ]]; then
echo "Unexpected kernel parameters found: $kparams_nodm" echo "Unexpected kernel parameters found:"
echo " $(echo "${kparams_nodm}" | sed -r 's: +: :g')"
testfail=1 testfail=1
fi fi