diff options
| author | Michael Brown <mcb30@ipxe.org> | 2023-02-13 20:40:42 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2023-02-14 11:13:45 +0000 |
| commit | 76a286530a8b5bdbab81c3851b851dea2da32114 (patch) | |
| tree | dbdd17ee66f496fa89dbf8ae0854b6031474b9ed /src/include | |
| parent | 3c83843e111ece30d3dfb5143d5e6aed6164d587 (diff) | |
| download | ipxe-76a286530a8b5bdbab81c3851b851dea2da32114.tar.gz | |
[image] Check delimiters when parsing command-line key-value arguments
The Linux kernel bzImage image format and the CPIO archive constructor
will parse the image command line for certain arguments of the form
"key=value". This parsing is currently implemented using strstr() in
a way that can cause a false positive suffix match. For example, a
command line containing "highmem=<n>" would erroneously be treated as
containing a value for "mem=<n>".
Fix by centralising the logic used for parsing such arguments, and
including a check that the argument immediately follows a whitespace
delimiter (or is at the start of the string).
Reported-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/ipxe/image.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/ipxe/image.h b/src/include/ipxe/image.h index 0a5a26034..9e0c0f22a 100644 --- a/src/include/ipxe/image.h +++ b/src/include/ipxe/image.h @@ -195,6 +195,7 @@ extern struct image * image_find_selected ( void ); extern int image_set_trust ( int require_trusted, int permanent ); extern struct image * image_memory ( const char *name, userptr_t data, size_t len ); +extern const char * image_argument ( struct image *image, const char *key ); extern int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf ); extern int image_asn1 ( struct image *image, size_t offset, struct asn1_cursor **cursor ); |