From 46b6b1feb3a5c5d325010e768cdd5af4dd82cb2a Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Mon, 2 Mar 2026 16:43:12 +0000
Subject: util/nvmutil: call set_cmd much earlier

this will enable hardening of the pledge syscalls. it also means that the program will error out much earlier, when an invalid command is given, rather than opening a bunch of files first, and it will do so under reduced privilege already, notwithstanding the further pledge/unveil hardening that is planned.
Signed-off-by: Leah Rowe
---
 util/nvmutil/nvmutil.c | 71 +++++++++++++++++++++++++-------------------------
 1 file changed, 35 insertions(+), 36 deletions(-)
(limited to 'util/nvmutil/nvmutil.c')
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 7a8c02f0..27c50bf5 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -83,8 +83,7 @@ main(int argc, char *argv[])
 err_if(pledge("stdio rpath wpath unveil", NULL) == -1);
 err_if(unveil("/dev/urandom", "r") == -1);
 #endif
- if (argc < 2)
- usage(argv[0]);
+ set_cmd(argc, argv);
 fname = argv[1];
 set_io_flags(argc, argv);
@@ -99,8 +98,6 @@ main(int argc, char *argv[])
 err_if(pledge("stdio", NULL) == -1);
 #endif
- set_cmd(argc, argv);
-
 nvmalloc();
 readGbe();
 (*cmd)();
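Review bot: In the first main() hunk, `set_cmd(argc, argv);` becomes the only guard that keeps `fname = argv[1];` on the following line from reading a missing argument, and nothing at the call site records that dependency. The guard holds only if usage() or the closing `err_if` in set_cmd() never returns when argc < 2, which presumably they do not, but neither definition is visible in this diff. A one-line comment at the call, for example `/* set_cmd() exits when argc < 2, so argv[1] is valid below */`, would stop a later reorder from silently dropping the check. main() begins and ends outside the hunk.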
@@ -110,6 +107,40 @@ main(int argc, char *argv[])
 return errno;
 }
+void
+set_cmd(int argc, char *argv[])
+{
+ if (argc < 2) {
+ usage(argv[0]);
+ } else if (argc > 2) {
+ for (int i = 0; (i < 6) && (cmd == NULL); i++) {
+ if (strcmp(COMMAND, op[i].str) != 0)
+ continue;
+ if (argc >= op[i].args) {
+ cmd = op[i].cmd;
+ break;
+ }
+ err(SET_ERR(EINVAL), "Too few args on command '%s'",
+ op[i].str);
+ }
+ } else { /* argc == 2 */
+ cmd = cmd_setmac;
+ }
+
+ if ((cmd == NULL) && (argc > 2)) { /* nvm gbe [MAC] */
+ strMac = COMMAND;
+ cmd = cmd_setmac;
+ } else if (cmd == cmd_setmac) { /* nvm gbe setmac [MAC] */
+ strMac = strRMac; /* random MAC */
+ if (argc > 3)
+ strMac = MAC_ADDRESS;
+ } else if ((cmd != NULL) && (argc > 3)) { /* user-supplied partnum */
+ err_if((errno = (!((part = PARTN[0] - '0') == 0 || part == 1))
+ || PARTN[1] ? EINVAL : errno)); /* only allow '0' or '1' */
+ }
+ err_if((errno = (cmd == NULL) ? EINVAL : errno));
+}
+
 void
 set_io_flags(int argc, char *argv[])
 {
@@ -150,38 +181,6 @@ openGbeFile(const char *path)
 }
 }
-void
-set_cmd(int argc, char *argv[])
-{
- if (argc > 2) {
- for (int i = 0; (i < 6) && (cmd == NULL); i++) {
- if (strcmp(COMMAND, op[i].str) != 0)
- continue;
- if (argc >= op[i].args) {
- cmd = op[i].cmd;
- break;
- }
- err(SET_ERR(EINVAL), "Too few args on command '%s'",
- op[i].str);
- }
- } else {
- cmd = cmd_setmac;
- }
-
- if ((cmd == NULL) && (argc > 2)) { /* nvm gbe [MAC] */
- strMac = COMMAND;
- cmd = cmd_setmac;
- } else if (cmd == cmd_setmac) { /* nvm gbe setmac [MAC] */
- strMac = strRMac; /* random MAC */
- if (argc > 3)
- strMac = MAC_ADDRESS;
- } else if ((cmd != NULL) && (argc > 3)) { /* user-supplied partnum */
- err_if((errno = (!((part = PARTN[0] - '0') == 0 || part == 1))
- || PARTN[1] ? EINVAL : errno)); /* only allow '0' or '1' */
- }
- err_if((errno = (cmd == NULL) ? EINVAL : errno));
-}
-
 void
 nvmalloc(void)
 {
--
cgit v1.2.1
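Review bot: The command lookup loop in the added set_cmd() stops at the literal `i < 6`, so it is only correct while `op[]` holds exactly six entries. A shorter table would let `op[i].str` read past the array, and a longer one would leave the extra commands unreachable. `op[]` is declared outside this diff, so its size cannot be checked here; if it is a true array rather than a pointer, the bound can be derived from it with `for (int i = 0; (i < (int)(sizeof(op) / sizeof(op[0]))) && (cmd == NULL); i++) {`. Separately, the two `err_if((errno = ... ? EINVAL : errno))` calls pass through whatever errno held on entry, so if err_if() tests its argument for non-zero, a stale errno would reject a valid command; that is worth a comment or an `errno = 0;` at the top of the function.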