| author | Leah Rowe <leah@libreboot.org> | 2026-03-02 16:43:12 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-02 16:46:20 +0000 |
| commit | 46b6b1feb3a5c5d325010e768cdd5af4dd82cb2a (patch) | |
| tree | 8a0a6a73dca356cc28de438957ce695e892b98c0 /util/nvmutil | |
| parent | 0106c3821743e0772ea08958a56b7505d1fb1e33 (diff) | |
util/nvmutil: call set_cmd much earlier
this will enable hardening of the pledge syscalls.
it also means that the program will error out much
earlier, when an invalid command is given, rather
than opening a bunch of files first, and it will
do so under reduced privilege already, notwithstanding
the further pledge/unveil hardening that is planned.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util/nvmutil')
| -rw-r--r-- | util/nvmutil/nvmutil.c | 71 |
1 files changed, 35 insertions, 36 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 7a8c02f0..27c50bf5 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -83,8 +83,7 @@ main(int argc, char *argv[])
 err_if(pledge("stdio rpath wpath unveil", NULL) == -1);
 err_if(unveil("/dev/urandom", "r") == -1);
 #endif
- if (argc < 2)
- usage(argv[0]);
+ set_cmd(argc, argv);
 fname = argv[1];
 set_io_flags(argc, argv);
@@ -99,8 +98,6 @@ main(int argc, char *argv[])
 err_if(pledge("stdio", NULL) == -1);
 #endif
- set_cmd(argc, argv);
-
 nvmalloc();
 readGbe();
 (*cmd)();
@@ -111,6 +108,40 @@ main(int argc, char *argv[])
 }
 void
+set_cmd(int argc, char *argv[])
+{
+ if (argc < 2) {
+ usage(argv[0]);
+ } else if (argc > 2) {
+ for (int i = 0; (i < 6) && (cmd == NULL); i++) {
+ if (strcmp(COMMAND, op[i].str) != 0)
+ continue;
+ if (argc >= op[i].args) {
+ cmd = op[i].cmd;
+ break;
+ }
+ err(SET_ERR(EINVAL), "Too few args on command '%s'",
+ op[i].str);
+ }
+ } else { /* argc == 2 */
+ cmd = cmd_setmac;
+ }
+
+ if ((cmd == NULL) && (argc > 2)) { /* nvm gbe [MAC] */
+ strMac = COMMAND;
+ cmd = cmd_setmac;
+ } else if (cmd == cmd_setmac) { /* nvm gbe setmac [MAC] */
+ strMac = strRMac; /* random MAC */
+ if (argc > 3)
+ strMac = MAC_ADDRESS;
+ } else if ((cmd != NULL) && (argc > 3)) { /* user-supplied partnum */
+ err_if((errno = (!((part = PARTN[0] - '0') == 0 || part == 1))
+ || PARTN[1] ? EINVAL : errno)); /* only allow '0' or '1' */
+ }
+ err_if((errno = (cmd == NULL) ? EINVAL : errno));
+}
+
+void
 set_io_flags(int argc, char *argv[])
 {
 flags = O_RDWR;
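Review bot: In the first hunk (main), `fname = argv[1];` no longer has a visible guard, because the `argc < 2` check now lives inside `set_cmd`. The read of `argv[1]` is therefore only safe if `usage()` or the trailing `err_if` in `set_cmd` never returns, and neither definition is shown in this diff. A short comment at the call site would keep that contract visible, e.g. `/* set_cmd() exits when argc < 2, so argv[1] is valid below */`. `set_cmd` also now runs before `fname` is assigned, so if `err_if`/`err` include the file name in their message (not visible here), the early error paths would format an unset pointer. main's body starts and ends outside the hunk.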
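Review bot: The last statement of the added `set_cmd` (third hunk), `err_if((errno = (cmd == NULL) ? EINVAL : errno));`, leaves errno unchanged on the success path and then tests it, so the outcome depends on whatever errno held on entry; the partnum check just above it uses the same pattern. C allows library calls to leave errno nonzero even when they succeed, and `set_cmd` now runs directly after `pledge()`/`unveil()`, so a valid command line could be rejected (assuming `err_if` fails on a nonzero argument; its definition is not shown). An explicit test removes that dependency and matches the existing "Too few args" call, e.g. `if (cmd == NULL) err(SET_ERR(EINVAL), "Bad command");`. The loop bound `i < 6` is a hard-coded copy of the `op` table size and would be safer derived from the array itself.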
@@ -151,38 +182,6 @@ openGbeFile(const char *path)
 }
 void
-set_cmd(int argc, char *argv[])
-{
- if (argc > 2) {
- for (int i = 0; (i < 6) && (cmd == NULL); i++) {
- if (strcmp(COMMAND, op[i].str) != 0)
- continue;
- if (argc >= op[i].args) {
- cmd = op[i].cmd;
- break;
- }
- err(SET_ERR(EINVAL), "Too few args on command '%s'",
- op[i].str);
- }
- } else {
- cmd = cmd_setmac;
- }
-
- if ((cmd == NULL) && (argc > 2)) { /* nvm gbe [MAC] */
- strMac = COMMAND;
- cmd = cmd_setmac;
- } else if (cmd == cmd_setmac) { /* nvm gbe setmac [MAC] */
- strMac = strRMac; /* random MAC */
- if (argc > 3)
- strMac = MAC_ADDRESS;
- } else if ((cmd != NULL) && (argc > 3)) { /* user-supplied partnum */
- err_if((errno = (!((part = PARTN[0] - '0') == 0 || part == 1))
- || PARTN[1] ? EINVAL : errno)); /* only allow '0' or '1' */
- }
- err_if((errno = (cmd == NULL) ? EINVAL : errno));
-}
-
-void
 nvmalloc(void)
 {
 /* same operations need the full block, others only 128 bytes */ |
