diff options
author | Jim Hebert <jimhebert@chromium.org> | 2011-02-17 16:54:24 -0800 |
---|---|---|
committer | Jim Hebert <jimhebert@chromium.org> | 2011-02-17 16:54:24 -0800 |
commit | 00b7d48f39c5e475fd3bc2f60cd987f164a0611e (patch) | |
tree | 05d3d31f9ac5c888e39e8a6e321603fef586a5db /scripts/image_signing/ensure_secure_kernelparams.sh | |
parent | b944534edd3799b3353f73bcb8ee90161d640c2b (diff) | |
download | vboot-00b7d48f39c5e475fd3bc2f60cd987f164a0611e.tar.gz |
Fix issue where params which are sub-strings of other params caused problems e.g. ro and cros_secure
Change-Id: Ic6dd5a883646103b32cfb58712df7d34725c5f62
BUG=chromium-os:12285
TEST=Ran ./ensure_secure_kernelparams.sh chromiumos_base_image.bin on today's mario build which had repro'd the bug
Review URL: http://codereview.chromium.org/6538034
Diffstat (limited to 'scripts/image_signing/ensure_secure_kernelparams.sh')
-rwxr-xr-x | scripts/image_signing/ensure_secure_kernelparams.sh | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh index 1d159d4c..29fab35e 100755 --- a/scripts/image_signing/ensure_secure_kernelparams.sh +++ b/scripts/image_signing/ensure_secure_kernelparams.sh @@ -32,6 +32,12 @@ dmparams_mangle_sha1() { echo "$1" | sed 's/sha1 [0-9a-fA-F]*/sha1 MAGIC_HASH/' } +# This escapes any non-alphanum character, since many such characters +# are regex metacharacters. +escape_regexmetas() { + echo "$1" | sed 's/\([^a-zA-Z0-9]\)/\\\1/g' +} + usage() { echo "Usage $PROG image [config]" } @@ -86,20 +92,22 @@ main() { fi # Ensure all other required params are present. - for param in ${required_kparams[@]}; do : + for param in ${required_kparams[@]}; do if [[ "$kparams_nodm" != *$param* ]]; then echo "Kernel parameters missing required value: $param" testfail=1 else # Remove matched params as we go. If all goes well, kparams_nodm # will be nothing left but whitespace by the end. - kparams_nodm=${kparams_nodm/$param/} + param=$(escape_regexmetas "$param") + kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") fi done # Check-off each of the allowed-but-optional params that were present. - for param in ${optional_kparams[@]}; do : - kparams_nodm=${kparams_nodm/$param/} + for param in ${optional_kparams[@]}; do + param=$(escape_regexmetas "$param") + kparams_nodm=$(echo "$kparams_nodm" | sed "s/\b$param\b//") done # This section enforces the default-deny for any unexpected params |