87b6398b46
The run command treats each argument an an environment variable. It gets the value of each variable and executes it as a command. If an environment variable contains a newline and the hush cli is used, it is supposed to execute each line one after the other. Normally a newline signals to hush to exit - this is used in normal command line entry - after a command is entered we want to return to allow the user to enter the next one. But environment variables obviously need to execute to completion. Add a special case for the execution of environment variables which continues when a newline is seen, and add a few tests to check this behaviour. Note: it's not impossible that this may cause regressions in other areas. I can't think of a case but with any change of behaviour with limited test coverage there is always a risk. From what I can tell this behaviour has been around since at least U-Boot 2011.03, although this pre-dates sandbox and I have not tested it on real hardware. Reported-by: Wolfgang Denk <wd@denx.de> Signed-off-by: Simon Glass <sjg@chromium.org>
222 lines
5.1 KiB
C
222 lines
5.1 KiB
C
/*
|
|
* (C) Copyright 2000
|
|
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
|
|
*
|
|
* Add to readline cmdline-editing by
|
|
* (C) Copyright 2005
|
|
* JinHua Luo, GuangDong Linux Center, <luo.jinhua@gd-linux.com>
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <cli.h>
|
|
#include <cli_hush.h>
|
|
#include <fdtdec.h>
|
|
#include <malloc.h>
|
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
|
|
|
/*
|
|
* Run a command using the selected parser.
|
|
*
|
|
* @param cmd Command to run
|
|
* @param flag Execution flags (CMD_FLAG_...)
|
|
* @return 0 on success, or != 0 on error.
|
|
*/
|
|
int run_command(const char *cmd, int flag)
|
|
{
|
|
#ifndef CONFIG_SYS_HUSH_PARSER
|
|
/*
|
|
* cli_run_command can return 0 or 1 for success, so clean up
|
|
* its result.
|
|
*/
|
|
if (cli_simple_run_command(cmd, flag) == -1)
|
|
return 1;
|
|
|
|
return 0;
|
|
#else
|
|
int hush_flags = FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP;
|
|
|
|
if (flag & CMD_FLAG_ENV)
|
|
hush_flags |= FLAG_CONT_ON_NEWLINE;
|
|
return parse_string_outer(cmd, hush_flags);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Run a command using the selected parser, and check if it is repeatable.
|
|
*
|
|
* @param cmd Command to run
|
|
* @param flag Execution flags (CMD_FLAG_...)
|
|
* @return 0 (not repeatable) or 1 (repeatable) on success, -1 on error.
|
|
*/
|
|
int run_command_repeatable(const char *cmd, int flag)
|
|
{
|
|
#ifndef CONFIG_SYS_HUSH_PARSER
|
|
return cli_simple_run_command(cmd, flag);
|
|
#else
|
|
/*
|
|
* parse_string_outer() returns 1 for failure, so clean up
|
|
* its result.
|
|
*/
|
|
if (parse_string_outer(cmd,
|
|
FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP))
|
|
return -1;
|
|
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
int run_command_list(const char *cmd, int len, int flag)
|
|
{
|
|
int need_buff = 1;
|
|
char *buff = (char *)cmd; /* cast away const */
|
|
int rcode = 0;
|
|
|
|
if (len == -1) {
|
|
len = strlen(cmd);
|
|
#ifdef CONFIG_SYS_HUSH_PARSER
|
|
/* hush will never change our string */
|
|
need_buff = 0;
|
|
#else
|
|
/* the built-in parser will change our string if it sees \n */
|
|
need_buff = strchr(cmd, '\n') != NULL;
|
|
#endif
|
|
}
|
|
if (need_buff) {
|
|
buff = malloc(len + 1);
|
|
if (!buff)
|
|
return 1;
|
|
memcpy(buff, cmd, len);
|
|
buff[len] = '\0';
|
|
}
|
|
#ifdef CONFIG_SYS_HUSH_PARSER
|
|
rcode = parse_string_outer(buff, FLAG_PARSE_SEMICOLON);
|
|
#else
|
|
/*
|
|
* This function will overwrite any \n it sees with a \0, which
|
|
* is why it can't work with a const char *. Here we are making
|
|
* using of internal knowledge of this function, to avoid always
|
|
* doing a malloc() which is actually required only in a case that
|
|
* is pretty rare.
|
|
*/
|
|
rcode = cli_simple_run_command_list(buff, flag);
|
|
if (need_buff)
|
|
free(buff);
|
|
#endif
|
|
|
|
return rcode;
|
|
}
|
|
|
|
/****************************************************************************/
|
|
|
|
#if defined(CONFIG_CMD_RUN)
|
|
int do_run(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
|
|
{
|
|
int i;
|
|
|
|
if (argc < 2)
|
|
return CMD_RET_USAGE;
|
|
|
|
for (i = 1; i < argc; ++i) {
|
|
char *arg;
|
|
|
|
arg = getenv(argv[i]);
|
|
if (arg == NULL) {
|
|
printf("## Error: \"%s\" not defined\n", argv[i]);
|
|
return 1;
|
|
}
|
|
|
|
if (run_command(arg, flag | CMD_FLAG_ENV) != 0)
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_OF_CONTROL
|
|
bool cli_process_fdt(const char **cmdp)
|
|
{
|
|
/* Allow the fdt to override the boot command */
|
|
char *env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd");
|
|
if (env)
|
|
*cmdp = env;
|
|
/*
|
|
* If the bootsecure option was chosen, use secure_boot_cmd().
|
|
* Always use 'env' in this case, since bootsecure requres that the
|
|
* bootcmd was specified in the FDT too.
|
|
*/
|
|
return fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0) != 0;
|
|
}
|
|
|
|
/*
|
|
* Runs the given boot command securely. Specifically:
|
|
* - Doesn't run the command with the shell (run_command or parse_string_outer),
|
|
* since that's a lot of code surface that an attacker might exploit.
|
|
* Because of this, we don't do any argument parsing--the secure boot command
|
|
* has to be a full-fledged u-boot command.
|
|
* - Doesn't check for keypresses before booting, since that could be a
|
|
* security hole; also disables Ctrl-C.
|
|
* - Doesn't allow the command to return.
|
|
*
|
|
* Upon any failures, this function will drop into an infinite loop after
|
|
* printing the error message to console.
|
|
*/
|
|
void cli_secure_boot_cmd(const char *cmd)
|
|
{
|
|
cmd_tbl_t *cmdtp;
|
|
int rc;
|
|
|
|
if (!cmd) {
|
|
printf("## Error: Secure boot command not specified\n");
|
|
goto err;
|
|
}
|
|
|
|
/* Disable Ctrl-C just in case some command is used that checks it. */
|
|
disable_ctrlc(1);
|
|
|
|
/* Find the command directly. */
|
|
cmdtp = find_cmd(cmd);
|
|
if (!cmdtp) {
|
|
printf("## Error: \"%s\" not defined\n", cmd);
|
|
goto err;
|
|
}
|
|
|
|
/* Run the command, forcing no flags and faking argc and argv. */
|
|
rc = (cmdtp->cmd)(cmdtp, 0, 1, (char **)&cmd);
|
|
|
|
/* Shouldn't ever return from boot command. */
|
|
printf("## Error: \"%s\" returned (code %d)\n", cmd, rc);
|
|
|
|
err:
|
|
/*
|
|
* Not a whole lot to do here. Rebooting won't help much, since we'll
|
|
* just end up right back here. Just loop.
|
|
*/
|
|
hang();
|
|
}
|
|
#endif /* CONFIG_OF_CONTROL */
|
|
|
|
void cli_loop(void)
|
|
{
|
|
#ifdef CONFIG_SYS_HUSH_PARSER
|
|
parse_file_outer();
|
|
/* This point is never reached */
|
|
for (;;);
|
|
#else
|
|
cli_simple_loop();
|
|
#endif /*CONFIG_SYS_HUSH_PARSER*/
|
|
}
|
|
|
|
void cli_init(void)
|
|
{
|
|
#ifdef CONFIG_SYS_HUSH_PARSER
|
|
u_boot_hush_start();
|
|
#endif
|
|
|
|
#if defined(CONFIG_HUSH_INIT_VAR)
|
|
hush_init_var();
|
|
#endif
|
|
}
|