efivars: let's add some validation of boot menu entry name syntax
This commit is contained in:
parent
cea72d53f8
commit
68d7c268f8
|
@ -771,6 +771,16 @@ int efi_loader_get_device_part_uuid(sd_id128_t *u) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool efi_loader_entry_name_valid(const char *s) {
|
||||||
|
if (isempty(s))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (strlen(s) > FILENAME_MAX) /* Make sure entry names fit in filenames */
|
||||||
|
return false;
|
||||||
|
|
||||||
|
return in_charset(s, ALPHANUMERICAL "-");
|
||||||
|
}
|
||||||
|
|
||||||
int efi_loader_get_entries(char ***ret) {
|
int efi_loader_get_entries(char ***ret) {
|
||||||
_cleanup_free_ char16_t *entries = NULL;
|
_cleanup_free_ char16_t *entries = NULL;
|
||||||
_cleanup_strv_free_ char **l = NULL;
|
_cleanup_strv_free_ char **l = NULL;
|
||||||
|
@ -789,7 +799,7 @@ int efi_loader_get_entries(char ***ret) {
|
||||||
/* The variable contains a series of individually NUL terminated UTF-16 strings. */
|
/* The variable contains a series of individually NUL terminated UTF-16 strings. */
|
||||||
|
|
||||||
for (i = 0, start = 0;; i++) {
|
for (i = 0, start = 0;; i++) {
|
||||||
char *decoded;
|
_cleanup_free_ char *decoded = NULL;
|
||||||
bool end;
|
bool end;
|
||||||
|
|
||||||
/* Is this the end of the variable's data? */
|
/* Is this the end of the variable's data? */
|
||||||
|
@ -805,9 +815,12 @@ int efi_loader_get_entries(char ***ret) {
|
||||||
if (!decoded)
|
if (!decoded)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
r = strv_consume(&l, decoded);
|
if (efi_loader_entry_name_valid(decoded)) {
|
||||||
if (r < 0)
|
r = strv_consume(&l, TAKE_PTR(decoded));
|
||||||
return r;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
} else
|
||||||
|
log_debug("Ignoring invalid loader entry '%s'.", decoded);
|
||||||
|
|
||||||
/* We reached the end of the variable */
|
/* We reached the end of the variable */
|
||||||
if (end)
|
if (end)
|
||||||
|
|
|
@ -50,6 +50,8 @@ int efi_loader_get_boot_usec(usec_t *firmware, usec_t *loader);
|
||||||
|
|
||||||
int efi_loader_get_entries(char ***ret);
|
int efi_loader_get_entries(char ***ret);
|
||||||
|
|
||||||
|
bool efi_loader_entry_name_valid(const char *s);
|
||||||
|
|
||||||
int efi_loader_get_features(uint64_t *ret);
|
int efi_loader_get_features(uint64_t *ret);
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
Loading…
Reference in a new issue