grub-lakitu: FROMLIST: Verify commands executed by grub
Pass commands to the verification code. We want to be able to log these
in the TPM verification case.
(am from http://lists.gnu.org/archive/html/grub-devel/2017-07/msg00004.html)
BUG=b:69569602
TEST=TBD
Change-Id: I1efdb2b110b070408e4562b38c49456d8ff0e5ad
Reviewed-on: https://chromium-review.googlesource.com/945903
Reviewed-by: Edward Jee <edjee@google.com>
Commit-Queue: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Trybot-Ready: Edward Jee <edjee@google.com>
diff --git a/grub-lakitu/grub-core/script/execute.c b/grub-lakitu/grub-core/script/execute.c
index a8502d9..4575477 100644
--- a/grub-lakitu/grub-core/script/execute.c
+++ b/grub-lakitu/grub-core/script/execute.c
@@ -27,6 +27,7 @@
#include <grub/normal.h>
#include <grub/extcmd.h>
#include <grub/i18n.h>
+#include <grub/verify.h>
/* Max digits for a char is 3 (0xFF is 255), similarly for an int it
is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -929,8 +930,9 @@
grub_err_t ret = 0;
grub_script_function_t func = 0;
char errnobuf[18];
- char *cmdname;
- int argc;
+ char *cmdname, *cmdstring;
+ int argc, offset = 0, cmdlen = 0;
+ unsigned int i;
char **args;
int invert;
struct grub_script_argv argv = { 0, 0, 0 };
@@ -939,6 +941,26 @@
if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
return grub_errno;
+ for (i = 0; i < argv.argc; i++)
+ {
+ cmdlen += grub_strlen (argv.args[i]) + 1;
+ }
+
+ cmdstring = grub_malloc (cmdlen);
+ if (!cmdstring)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate command buffer"));
+ }
+
+ for (i = 0; i < argv.argc; i++)
+ {
+ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+ argv.args[i]);
+ }
+ cmdstring[cmdlen - 1] = '\0';
+ grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
+ grub_free (cmdstring);
invert = 0;
argc = argv.argc - 1;
args = argv.args + 1;
@@ -1163,4 +1185,3 @@
return grub_script_execute_cmd (script->cmd);
}
-
diff --git a/grub-lakitu/include/grub/verify.h b/grub-lakitu/include/grub/verify.h
index acab4f4..517d386 100644
--- a/grub-lakitu/include/grub/verify.h
+++ b/grub-lakitu/include/grub/verify.h
@@ -11,6 +11,7 @@
{
GRUB_VERIFY_KERNEL_CMDLINE,
GRUB_VERIFY_MODULE_CMDLINE,
+ GRUB_VERIFY_COMMAND,
};
struct grub_file_verifier