diff options
| author | Mathew King <mathewk@chromium.org> | 2019-03-13 10:24:06 -0600 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-26 04:43:06 -0700 |
| commit | 06a65e7f3b6a8b5d4f3d8c91ca2447ba399c77d2 (patch) | |
| tree | 8e8b7fd9a13f7be64205e8d971101c2972220f6c | |
| parent | 4cab32fbf65910513e2e6cbda1d283d6afce59a5 (diff) | |
| download | vboot-06a65e7f3b6a8b5d4f3d8c91ca2447ba399c77d2.tar.gz | |
Don't allow vowels in vendor data except first char
BUG=b:128419534
TEST=make runmisctests
BRANCH=none
Change-Id: I1b3403cbe9ce93d9341c7ce32277d75462da894f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521216
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| -rw-r--r-- | firmware/lib/vboot_ui.c | 12 | ||||
| -rw-r--r-- | tests/vboot_api_kernel2_tests.c | 20 |
2 files changed, 29 insertions, 3 deletions
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c index 65f47986..14f8aabe 100644 --- a/firmware/lib/vboot_ui.c +++ b/firmware/lib/vboot_ui.c @@ -227,6 +227,11 @@ VbError_t vb2_altfw_ui(struct vb2_context *ctx) return 0; } +static inline int is_vowel(uint32_t key) { + return key == 'A' || key == 'E' || key == 'I' || + key == 'O' || key == 'U'; +} + /* * Prompt the user to enter the vendor data */ @@ -262,13 +267,14 @@ VbError_t vb2_enter_vendor_data_ui(struct vb2_context *ctx, char *data_value) key = toupper(key); case '0'...'9': case 'A'...'Z': - if (len < VENDOR_DATA_LENGTH) { + if ((len > 0 && is_vowel(key)) || + len >= VENDOR_DATA_LENGTH) { + vb2_error_beep(VB_BEEP_NOT_ALLOWED); + } else { data_value[len++] = key; data_value[len] = '\0'; VbDisplayScreen(ctx, VB_SCREEN_SET_VENDOR_DATA, 1, &data); - } else { - vb2_error_beep(VB_BEEP_NOT_ALLOWED); } VB2_DEBUG("Vendor Data UI - vendor_data: %s\n", diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c index 67414ab5..93eeb816 100644 --- a/tests/vboot_api_kernel2_tests.c +++ b/tests/vboot_api_kernel2_tests.c @@ -763,6 +763,26 @@ static void VbBootDevTest(void) TEST_EQ(set_vendor_data_called, 1, " VbExSetVendorData() called"); TEST_STR_EQ(set_vendor_data, "4321", " Vendor data correct"); + /* Ctrl+S vowels not allowed after first char */ + ResetMocks(); + ctx.flags |= VB2_CONTEXT_VENDOR_DATA_SETTABLE; + mock_keypress[0] = VB_KEY_CTRL('S'); + mock_keypress[1] = 'A'; + mock_keypress[2] = 'A'; + mock_keypress[3] = 'B'; + mock_keypress[4] = 'E'; + mock_keypress[5] = 'i'; + mock_keypress[6] = 'C'; + mock_keypress[7] = 'O'; + mock_keypress[8] = 'u'; + mock_keypress[9] = 'D'; + mock_keypress[10] = VB_KEY_ENTER; // Set vendor data + mock_keypress[11] = VB_KEY_ENTER; // Confirm vendor data + TEST_EQ(VbBootDeveloper(&ctx), VBERROR_REBOOT_REQUIRED, + "Ctrl+S vowels not allowed after first char"); + TEST_EQ(set_vendor_data_called, 1, " VbExSetVendorData() called"); + TEST_STR_EQ(set_vendor_data, "ABCD", " Vendor data correct"); + /* Ctrl+S too short */ ResetMocks(); ctx.flags |= VB2_CONTEXT_VENDOR_DATA_SETTABLE; |