Diffstat (limited to 'util/libreboot-utils')
| -rw-r--r-- | util/libreboot-utils/Makefile | 178 | ||||
| -rw-r--r-- | util/libreboot-utils/include/common.h | 4 | ||||
| -rw-r--r-- | util/libreboot-utils/lib/file.c | 23 | ||||
| -rw-r--r-- | util/libreboot-utils/lib/mkhtemp.c | 8 | ||||
| -rw-r--r-- | util/libreboot-utils/lib/string.c | 50 | ||||
| -rw-r--r-- | util/libreboot-utils/lottery.c | 8 | ||||
| -rw-r--r-- | util/libreboot-utils/mkhtemp.c | 13 | ||||
| -rw-r--r-- | util/libreboot-utils/nvmutil.c | 33 |
8 files changed, 122 insertions, 195 deletions
diff --git a/util/libreboot-utils/Makefile b/util/libreboot-utils/Makefile
index 92e8a3a6..f19612d3 100644
--- a/util/libreboot-utils/Makefile
+++ b/util/libreboot-utils/Makefile
@@ -2,165 +2,59 @@ # Copyright (c) 2022,2026 Leah Rowe <leah@libreboot.org> # Copyright (c) 2023 Riku Viitanen <riku.viitanen@protonmail.com> -# Makefile for nvmutil, which is an application -# that modifies Intel GbE NVM configurations. - CC = cc -HELLCC = clang - CFLAGS = -Os -Wall -Wextra -std=c99 -pedantic LDFLAGS = -DESTDIR = PREFIX = /usr/local +DESTDIR = INSTALL = install -# used for portability testing on linux: -# -PORT_OPENAT = -DUSE_OPENAT=1 -PORT_ARC4 = -DUSE_ARC4=1 -PORT_URANDOM = -DUSE_URANDOM=1 - -.SUFFIXES: .c .o - -LDIR = - -HELLFLAGS = $(STRICT) -Weverything - -PROG = nvmutil -PROGMKH = mkhtemp -PROGLOT = lottery - -OBJS_NVMUTIL = \ - obj/nvmutil.o \ - obj/lib/state.o \ - obj/lib/file.o \ - obj/lib/string.o \ - obj/lib/usage.o \ - obj/lib/command.o \ - obj/lib/num.o \ - obj/lib/io.o \ - obj/lib/checksum.o \ - obj/lib/word.o \ - obj/lib/mkhtemp.o \ - obj/lib/rand.o - -OBJS_MKHTEMP = \ - obj/mkhtemp.o \ - obj/lib/file.o \ - obj/lib/string.o \ - obj/lib/num.o \ - obj/lib/mkhtemp.o \ - obj/lib/rand.o - -OBJS_LOTTERY = \ - obj/lottery.o \ - obj/lib/file.o \ - obj/lib/string.o \ - obj/lib/num.o \ - obj/lib/mkhtemp.o \ - obj/lib/rand.o - -# default mode -CC_MODE = $(CC) - -all: $(PROG) $(PROGMKH) $(PROGLOT) - -$(PROG): $(OBJS_NVMUTIL) - $(CC_MODE) $(CFLAGS) $(OBJS_NVMUTIL) -o $(PROG) $(LDFLAGS) - -$(PROGMKH): $(OBJS_MKHTEMP) - $(CC_MODE) $(CFLAGS) $(OBJS_MKHTEMP) -o $(PROGMKH) $(LDFLAGS) - -$(PROGLOT): $(OBJS_LOTTERY) - $(CC_MODE) $(CFLAGS) $(OBJS_LOTTERY) -o $(PROGLOT) $(LDFLAGS) +PROGS = nvmutil mkhtemp lottery -# ensure obj directory exists -$(OBJS_NVMUTIL): obj -$(OBJS_MKHTEMP): obj -$(OBJS_LOTTERY): obj +LIB_OBJS = \ + lib/state.o \ + lib/file.o \ + lib/string.o \ + lib/usage.o \ + lib/command.o \ + lib/num.o \ + lib/io.o \ + lib/checksum.o \ + lib/word.o \ + lib/mkhtemp.o \ + lib/rand.o -obj: - mkdir obj || true - mkdir obj/lib || true +OBJS_NVMUTIL = nvmutil.o $(LIB_OBJS) +OBJS_MKHTEMP = mkhtemp.o lib/file.o lib/string.o lib/num.o lib/mkhtemp.o 
lib/rand.o +OBJS_LOTTERY = lottery.o lib/file.o lib/string.o lib/num.o lib/mkhtemp.o lib/rand.o -# main program object +all: $(PROGS) -obj/nvmutil.o: nvmutil.c - $(CC_MODE) $(CFLAGS) -c nvmutil.c -o obj/nvmutil.o +nvmutil: $(OBJS_NVMUTIL) + $(CC) $(CFLAGS) $(OBJS_NVMUTIL) -o $@ $(LDFLAGS) -obj/mkhtemp.o: mkhtemp.c - $(CC_MODE) $(CFLAGS) -c mkhtemp.c -o obj/mkhtemp.o +mkhtemp: $(OBJS_MKHTEMP) + $(CC) $(CFLAGS) $(OBJS_MKHTEMP) -o $@ $(LDFLAGS) -obj/lottery.o: lottery.c - $(CC_MODE) $(CFLAGS) -c lottery.c -o obj/lottery.o +lottery: $(OBJS_LOTTERY) + $(CC) $(CFLAGS) $(OBJS_LOTTERY) -o $@ $(LDFLAGS) -# library/helper objects +.c.o: + $(CC) $(CFLAGS) -c $< -o $@ -obj/lib/state.o: lib/state.c - $(CC_MODE) $(CFLAGS) -c lib/state.c -o obj/lib/state.o - -obj/lib/file.o: lib/file.c - $(CC_MODE) $(CFLAGS) -c lib/file.c -o obj/lib/file.o - -obj/lib/string.o: lib/string.c - $(CC_MODE) $(CFLAGS) -c lib/string.c -o obj/lib/string.o - -obj/lib/usage.o: lib/usage.c - $(CC_MODE) $(CFLAGS) -c lib/usage.c -o obj/lib/usage.o - -obj/lib/command.o: lib/command.c - $(CC_MODE) $(CFLAGS) -c lib/command.c -o obj/lib/command.o - -obj/lib/num.o: lib/num.c - $(CC_MODE) $(CFLAGS) -c lib/num.c -o obj/lib/num.o - -obj/lib/io.o: lib/io.c - $(CC_MODE) $(CFLAGS) -c lib/io.c -o obj/lib/io.o - -obj/lib/checksum.o: lib/checksum.c - $(CC_MODE) $(CFLAGS) -c lib/checksum.c -o obj/lib/checksum.o - -obj/lib/word.o: lib/word.c - $(CC_MODE) $(CFLAGS) -c lib/word.c -o obj/lib/word.o - -obj/lib/mkhtemp.o: lib/mkhtemp.c - $(CC_MODE) $(CFLAGS) -c lib/mkhtemp.c -o obj/lib/mkhtemp.o - -obj/lib/rand.o: lib/rand.c - $(CC_MODE) $(CFLAGS) -c lib/rand.c -o obj/lib/rand.o - -# install - -install: $(PROG) $(PROGMKH) $(PROGLOT) - $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin - $(INSTALL) $(PROG) $(DESTDIR)$(PREFIX)/bin/$(PROG) - chmod 755 $(DESTDIR)$(PREFIX)/bin/$(PROG) - $(INSTALL) $(PROGMKH) $(DESTDIR)$(PREFIX)/bin/$(PROGMKH) - chmod 755 $(DESTDIR)$(PREFIX)/bin/$(PROGMKH) - $(INSTALL) $(PROGLOT) $(DESTDIR)$(PREFIX)/bin/$(PROGLOT) 
- chmod 755 $(DESTDIR)$(PREFIX)/bin/$(PROGLOT) +install: $(PROGS) + mkdir -p $(DESTDIR)$(PREFIX)/bin + for p in $(PROGS); do \ + $(INSTALL) $$p $(DESTDIR)$(PREFIX)/bin/$$p; \ + chmod 755 $(DESTDIR)$(PREFIX)/bin/$$p; \ + done uninstall: - rm -f $(DESTDIR)$(PREFIX)/bin/$(PROG) - rm -f $(DESTDIR)$(PREFIX)/bin/$(PROGMKH) - rm -f $(DESTDIR)$(PREFIX)/bin/$(PROGLOT) + for p in $(PROGS); do \ + rm -f $(DESTDIR)$(PREFIX)/bin/$$p; \ + done clean: - rm -f $(PROG) $(PROGMKH) $(OBJS_NVMUTIL) $(OBJS_MKHTEMP) \ - $(OBJS_LOTTERY) $(PROGLOT) + rm -f $(PROGS) *.o lib/*.o distclean: clean - -# mode targets (portable replacement for ifeq) - -strict: - $(MAKE) CFLAGS="$(CFLAGS) $(HELLFLAGS)" CC_MODE="$(HELLCC)" - -# BSD-like portability test (openat + arc4random) -portable-bsd: - $(MAKE) CFLAGS="$(CFLAGS) $(PORT_OPENAT) $(PORT_ARC4)" CC_MODE="$(CC)" - -# fallback portability test (openat + urandom -- old linux mostly) -portable-urandom: - $(MAKE) CFLAGS="$(CFLAGS) $(PORT_OPENAT) $(PORT_URANDOM)" \ - CC_MODE="$(CC)" diff --git a/util/libreboot-utils/include/common.h b/util/libreboot-utils/include/common.h index d08828df..940c4364 100644 --- a/util/libreboot-utils/include/common.h +++ b/util/libreboot-utils/include/common.h @@ -357,8 +357,6 @@ void write_mac_part(size_t partnum); size_t page_remain(const void *p); long pagesize(void); -int xunveilx(const char *path, const char *permissions); -int xpledgex(const char *promises, const char *execpromises); char *smalloc(char **buf, size_t size); void *vmalloc(void **buf, size_t size); size_t slen(const char *scmp, size_t maxlen, @@ -368,6 +366,8 @@ int scmp(const char *a, const char *b, size_t maxlen, int *rval); int ccmp(const char *a, const char *b, size_t i, int *rval); +int dup_pair(char **dir, const char *d, + char **base, const char *b); char *sdup(const char *s, size_t n, char **dest); char *scatn(ssize_t sc, const char **sv, 
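Review bot: In the new `install` recipe the loop body joins its commands with `;`, so under GNU make (which runs recipes with `sh -c`, no `-e`) a failed `$(INSTALL)` for one program does not stop the loop, and the recipe's status is whatever the last `chmod` returns. If an older binary is already present in `$(DESTDIR)$(PREFIX)/bin`, the `chmod` succeeds on it and the stale copy stays installed while the target reports success. End both commands with `|| exit 1`, i.e. `$(INSTALL) $$p $(DESTDIR)$(PREFIX)/bin/$$p || exit 1; \` and `chmod 755 $(DESTDIR)$(PREFIX)/bin/$$p || exit 1; \`. Separately, the hunk deletes the `strict` target and with it the only `-Weverything` build shown in this file; if that build was part of checking these tools before release, it needs a replacement.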
diff --git a/util/libreboot-utils/lib/file.c b/util/libreboot-utils/lib/file.c index efc23ba9..0385ebbb 100644 --- a/util/libreboot-utils/lib/file.c +++ b/util/libreboot-utils/lib/file.c @@ -521,6 +521,8 @@ fs_dirname_basename(const char *path, char *buf = NULL; char *slash; size_t len; + const char *d = NULL; + const char *b = NULL; errno = 0; if (if_err(path == NULL || dir == NULL || base == NULL, EFAULT)) @@ -539,22 +541,27 @@ fs_dirname_basename(const char *path, if (slash) { *slash = '\0'; - *dir = buf; - *base = slash + 1; + d = buf; + b = slash + 1; - if (**dir == '\0') { - (*dir)[0] = '/'; - (*dir)[1] = '\0'; - } + if (*d == '\0') + d = "/"; } else if (allow_relative) { - sdup(".", PATH_MAX, dir); - *base = buf; + d = "."; + b = buf; } else { free_and_set_null(&buf); goto err; } + if (dup_pair(dir, d, base, b) < 0) { + free_and_set_null(&buf); + goto err; + } + + free_and_set_null(&buf); + reset_caller_errno(0); return 0; err: diff --git a/util/libreboot-utils/lib/mkhtemp.c b/util/libreboot-utils/lib/mkhtemp.c index d9411104..d394ae73 100644 --- a/util/libreboot-utils/lib/mkhtemp.c +++ b/util/libreboot-utils/lib/mkhtemp.c @@ -195,7 +195,11 @@ env_tmpdir(int bypass_all_sticky_checks, char **tmpdir, bypass_all_sticky_checks)) goto err; - rval = t; + rval = NULL; + if (t != NULL) { + if (sdup(t, PATH_MAX, &rval) == NULL) + goto err; + } goto out; } @@ -547,7 +551,7 @@ mkhtemp_try_create(int dirfd, /* try O_TMPFILE fast path */ if (mkhtemp_tmpfile_linux(dirfd, st_dir_first, fname_copy, - p, xc, fd, st) == 0) { + p, xc, fd, st) >= 0) { errno = saved_errno; rval = 1; diff --git a/util/libreboot-utils/lib/string.c b/util/libreboot-utils/lib/string.c index 5e0b4c33..7388cf35 100644 --- a/util/libreboot-utils/lib/string.c +++ b/util/libreboot-utils/lib/string.c 
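Review bot: After the second `fs_dirname_basename()` hunk, `*base` is a separate heap string produced by `dup_pair()` instead of a pointer into the buffer handed back through `*dir`, and nothing in the hunk records that change of ownership. A caller that still frees only `*dir` now leaks `*base` on every call, so the callers, which are outside this diff, need to be checked. A comment above the function would pin the contract, for example `/* on success *dir and *base are separate allocations; the caller frees both */`. The function starts before and ends after the visible hunks, so what the `err:` path leaves in `*dir` and `*base` cannot be confirmed from here.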
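Review bot: The `goto out` path in `env_tmpdir()` now hands back an `sdup()` copy of `t` through `rval` (presumably the return value), which makes this one exit return caller-owned heap memory. The function's other exits are outside the hunk; if any of them still returns a string literal or a pointer into the environment, the caller cannot tell whether the result may be freed, and guessing wrong is either a leak or a free of non-heap memory. State the rule in a comment at the top of the function, such as `/* the returned string is always heap-allocated; the caller frees it */`, and make every exit follow it. The added block also leaves `rval = NULL` and still jumps to `out` when `t` is NULL, which deserves a one-line comment if NULL is a valid result on that path.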
@@ -270,6 +270,27 @@ out: return *rval; } +int +dup_pair(char **dir, const char *d, + char **base, const char *b) +{ + char *dtmp = NULL; + char *btmp = NULL; + + if (d && sdup(d, PATH_MAX, &dtmp) == NULL) + return -1; + + if (b && sdup(b, PATH_MAX, &btmp) == NULL) { + free(dtmp); + return -1; + } + + *dir = dtmp; + *base = btmp; + + return 0; +} + /* strict word-based strdup */ char * sdup(const char *s, @@ -620,32 +641,3 @@ lbsetprogname(char *argv0) return progname; } - -/* https://man.openbsd.org/pledge.2 - https://man.openbsd.org/unveil.2 */ -int -xpledgex(const char *promises, const char *execpromises) -{ - int saved_errno = errno; - (void) promises, (void) execpromises, (void) saved_errno; - errno = 0; -#ifdef __OpenBSD__ - if (pledge(promises, execpromises) == -1) - exitf("pledge"); -#endif - reset_caller_errno(0); - return 0; -} -int -xunveilx(const char *path, const char *permissions) -{ - int saved_errno = errno; - (void) path, (void) permissions, (void) saved_errno; - errno = 0; -#ifdef __OpenBSD__ - if (pledge(promises, execpromises) == -1) - exitf("pledge"); -#endif - reset_caller_errno(0); - return 0; -} diff --git a/util/libreboot-utils/lottery.c b/util/libreboot-utils/lottery.c index 1648cbc7..3ac4d135 100644 --- a/util/libreboot-utils/lottery.c +++ b/util/libreboot-utils/lottery.c @@ -16,6 +16,9 @@ exit_cleanup(void); int main(int argc, char **argv) { +#ifndef __linux__ +#error This code is currently buggy on BSD systems. Only use on Linux. +#endif int same = 0; char *buf; size_t size = BUFSIZ; @@ -24,8 +27,11 @@ main(int argc, char **argv) (void) errhook(exit_cleanup); (void) lbsetprogname(argv[0]); +#ifdef __OpenBSD__ /* https://man.openbsd.org/pledge.2 */ - xpledgex("stdio", NULL); + if (pledge("stdio", NULL) == -1) + exitf("pledge"); +#endif buf = rmalloc(size); if (!vcmp(buf, buf + (size >> 1), size >> 1)) diff --git a/util/libreboot-utils/mkhtemp.c b/util/libreboot-utils/mkhtemp.c index 86aab536..9ff70328 100644 
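Review bot: `dup_pair()` stores through `dir` and `base` without checking either pointer, and it is declared in `include/common.h`, so it can be called from places other than `fs_dirname_basename()`, which does its own NULL check first. A guard at the top, `if (dir == NULL || base == NULL) return -1;` with `errno` set the way the neighbouring functions do it, keeps a bad caller from turning into a NULL write. The final stores `*dir = dtmp; *base = btmp;` also overwrite whatever the caller had there, so a comment above the function should say that the outputs must not already own memory and that both results are the caller's to free.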
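Review bot: The `#error` under `#ifndef __linux__` at the top of `main()` stops the build on every non-Linux system, so the `#ifdef __OpenBSD__` `pledge()` block added a few lines further down can never be compiled; the same pairing appears in the `mkhtemp.c` and `nvmutil.c` hunks of this commit. As far as these hunks show, the tools therefore run with no privilege reduction on any platform they build for, because no Linux counterpart is added. If that is a temporary state, say so next to the guard, for example `/* pledge/unveil kept for when the BSD build is re-enabled; unreachable while the #error above stands */`. The directive would also read better at file scope than between the opening brace and the first declaration. `main()` continues past both hunks.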
--- a/util/libreboot-utils/mkhtemp.c +++ b/util/libreboot-utils/mkhtemp.c @@ -41,6 +41,9 @@ exit_cleanup(void); int main(int argc, char *argv[]) { +#ifndef __linux__ +#error This code is currently buggy on BSD systems. Only use on Linux. +#endif size_t len; size_t tlen; size_t xc = 0; @@ -59,8 +62,11 @@ main(int argc, char *argv[]) (void) errhook(exit_cleanup); (void) lbsetprogname(argv[0]); +#ifdef __OpenBSD__ /* https://man.openbsd.org/pledge.2 */ - xpledgex("stdio flock rpath wpath cpath", NULL); + if (pledge("stdio flock rpath wpath cpath fattr", NULL) == -1) + exitf("pledge"); +#endif while ((c = getopt(argc, argv, "qdp:")) != -1) { @@ -117,7 +123,10 @@ main(int argc, char *argv[]) tmpdir, template) < 0) exitf("%s", s); - xpledgex("stdio", NULL); +#ifdef __OpenBSD__ + if (pledge("stdio", NULL) == -1) + exitf("pledge"); +#endif if (s == NULL) exitf("bad string initialisation"); diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c index 66e47ec8..67b01ae7 100644 --- a/util/libreboot-utils/nvmutil.c +++ b/util/libreboot-utils/nvmutil.c @@ -27,6 +27,9 @@ exit_cleanup(void); int main(int argc, char *argv[]) { +#ifndef __linux__ +#error This code is currently buggy on BSD systems. Only use on Linux. +#endif struct xstate *x; struct commands *cmd; struct xfile *f; @@ -38,10 +41,14 @@ main(int argc, char *argv[]) (void) errhook(exit_cleanup); +#ifdef __OpenBSD /* https://man.openbsd.org/pledge.2 */ /* https://man.openbsd.org/unveil.2 */ - xpledgex("stdio flock rpath wpath cpath unveil", NULL); - xunveilx("/dev/urandom", "r"); + if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1) + exitf("pledge"); + if (unveil("/dev/urandom", "r") == -1) + exitf("unveil"); +#endif #ifndef S_ISREG exitf( 
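Review bot: The promise string of the first `pledge()` call in `mkhtemp.c` grows from `stdio flock rpath wpath cpath` to include `fattr`, and nothing in the hunk says which call needs it. Every promise widens what the process may do until the later `pledge("stdio", NULL)`, so the addition should be justified where it is made. A short comment on that line naming the operation that requires `fattr` would let a reviewer confirm it is needed and remove it again when that call goes away.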
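Review bot: The guard `#ifdef __OpenBSD` in the `nvmutil.c` hunk at `@@ -38,10 +41,14 @@` is missing its trailing underscores; the macro is `__OpenBSD__`, which is the spelling used in the next hunk of this file and in `lottery.c` and `mkhtemp.c`. With the misspelt name the first `pledge()` and the `unveil("/dev/urandom", "r")` call are dropped silently on every platform, while the later block still locks the unveil list with `unveil(NULL, NULL)`, so `/dev/urandom` would not be reachable afterwards if the program reads it. Change the line to `#ifdef __OpenBSD__`. `main()` starts before and continues after the hunk.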
@@ -62,14 +69,22 @@ main(int argc, char *argv[]) cmd = &x->cmd[x->i]; f = &x->f; - if ((cmd->flags & O_ACCMODE) == O_RDONLY) - xunveilx(f->fname, "r"); - else - xunveilx(f->fname, "rwc"); +#ifdef __OpenBSD__ + if ((cmd->flags & O_ACCMODE) == O_RDONLY) { + if (unveil(f->fname, "r") == -1) + exitf("unveil"); + } else { + if (unveil(f->fname, "rwc") == -1) + exitf("unveil"); + } - xunveilx(f->tname, "rwc"); - xunveilx(NULL, NULL); - xpledgex("stdio flock rpath wpath cpath", NULL); + if (unveil(f->tname, "rwc") == -1) + exitf("unveil"); + if (unveil(NULL, NULL) == -1) + exitf("unveil"); + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + exitf("pledge"); +#endif if (cmd->run == NULL) exitf("Command not set"); |
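Review bot: All four `unveil()` failures in this block exit with the same `exitf("unveil")`, so a failure does not say whether the input file, the temporary file or the final locking call was rejected. Include the path in the message, e.g. `exitf("unveil: %s", f->fname);` and `exitf("unveil: %s", f->tname);`; `exitf` is already called with a format string in `mkhtemp.c`. The two arms of the `O_RDONLY` test differ only in the permission string, so selecting the string first and calling `unveil()` once would halve the error paths to keep in step.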
