From 76a286530a8b5bdbab81c3851b851dea2da32114 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Mon, 13 Feb 2023 20:40:42 +0000 Subject: [image] Check delimiters when parsing command-line key-value arguments The Linux kernel bzImage image format and the CPIO archive constructor will parse the image command line for certain arguments of the form "key=value". This parsing is currently implemented using strstr() in a way that can cause a false positive suffix match. For example, a command line containing "highmem=" would erroneously be treated as containing a value for "mem=". Fix by centralising the logic used for parsing such arguments, and including a check that the argument immediately follows a whitespace delimiter (or is at the start of the string). Reported-by: Filippo Giunchedi Signed-off-by: Michael Brown --- src/include/ipxe/image.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/include') diff --git a/src/include/ipxe/image.h b/src/include/ipxe/image.h index 0a5a26034..9e0c0f22a 100644 --- a/src/include/ipxe/image.h +++ b/src/include/ipxe/image.h @@ -195,6 +195,7 @@ extern struct image * image_find_selected ( void ); extern int image_set_trust ( int require_trusted, int permanent ); extern struct image * image_memory ( const char *name, userptr_t data, size_t len ); +extern const char * image_argument ( struct image *image, const char *key ); extern int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf ); extern int image_asn1 ( struct image *image, size_t offset, struct asn1_cursor **cursor ); -- cgit