u-boot/common/cli.c
Simon Glass 87b6398b46 cli: hush: Adjust 'run' command to run each line of the env var
The run command treats each argument an an environment variable. It gets the
value of each variable and executes it as a command. If an environment
variable contains a newline and the hush cli is used, it is supposed to
execute each line one after the other.

Normally a newline signals to hush to exit - this is used in normal command
line entry - after a command is entered we want to return to allow the user
to enter the next one. But environment variables obviously need to execute
to completion.

Add a special case for the execution of environment variables which
continues when a newline is seen, and add a few tests to check this
behaviour.

Note: it's not impossible that this may cause regressions in other areas.
I can't think of a case but with any change of behaviour with limited test
coverage there is always a risk. From what I can tell this behaviour has
been around since at least U-Boot 2011.03, although this pre-dates sandbox
and I have not tested it on real hardware.

Reported-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-27 11:03:33 -04:00

221 lines
5.1 KiB
C

/*
* (C) Copyright 2000
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
*
* Add to readline cmdline-editing by
* (C) Copyright 2005
* JinHua Luo, GuangDong Linux Center, <luo.jinhua@gd-linux.com>
*
* SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
#include <cli.h>
#include <cli_hush.h>
#include <fdtdec.h>
#include <malloc.h>
DECLARE_GLOBAL_DATA_PTR;
/*
* Run a command using the selected parser.
*
* @param cmd Command to run
* @param flag Execution flags (CMD_FLAG_...)
* @return 0 on success, or != 0 on error.
*/
int run_command(const char *cmd, int flag)
{
#ifndef CONFIG_SYS_HUSH_PARSER
/*
* cli_run_command can return 0 or 1 for success, so clean up
* its result.
*/
if (cli_simple_run_command(cmd, flag) == -1)
return 1;
return 0;
#else
int hush_flags = FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP;
if (flag & CMD_FLAG_ENV)
hush_flags |= FLAG_CONT_ON_NEWLINE;
return parse_string_outer(cmd, hush_flags);
#endif
}
/*
* Run a command using the selected parser, and check if it is repeatable.
*
* @param cmd Command to run
* @param flag Execution flags (CMD_FLAG_...)
* @return 0 (not repeatable) or 1 (repeatable) on success, -1 on error.
*/
int run_command_repeatable(const char *cmd, int flag)
{
#ifndef CONFIG_SYS_HUSH_PARSER
return cli_simple_run_command(cmd, flag);
#else
/*
* parse_string_outer() returns 1 for failure, so clean up
* its result.
*/
if (parse_string_outer(cmd,
FLAG_PARSE_SEMICOLON | FLAG_EXIT_FROM_LOOP))
return -1;
return 0;
#endif
}
int run_command_list(const char *cmd, int len, int flag)
{
int need_buff = 1;
char *buff = (char *)cmd; /* cast away const */
int rcode = 0;
if (len == -1) {
len = strlen(cmd);
#ifdef CONFIG_SYS_HUSH_PARSER
/* hush will never change our string */
need_buff = 0;
#else
/* the built-in parser will change our string if it sees \n */
need_buff = strchr(cmd, '\n') != NULL;
#endif
}
if (need_buff) {
buff = malloc(len + 1);
if (!buff)
return 1;
memcpy(buff, cmd, len);
buff[len] = '\0';
}
#ifdef CONFIG_SYS_HUSH_PARSER
rcode = parse_string_outer(buff, FLAG_PARSE_SEMICOLON);
#else
/*
* This function will overwrite any \n it sees with a \0, which
* is why it can't work with a const char *. Here we are making
* using of internal knowledge of this function, to avoid always
* doing a malloc() which is actually required only in a case that
* is pretty rare.
*/
rcode = cli_simple_run_command_list(buff, flag);
if (need_buff)
free(buff);
#endif
return rcode;
}
/****************************************************************************/
#if defined(CONFIG_CMD_RUN)
int do_run(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
int i;
if (argc < 2)
return CMD_RET_USAGE;
for (i = 1; i < argc; ++i) {
char *arg;
arg = getenv(argv[i]);
if (arg == NULL) {
printf("## Error: \"%s\" not defined\n", argv[i]);
return 1;
}
if (run_command(arg, flag | CMD_FLAG_ENV) != 0)
return 1;
}
return 0;
}
#endif
#ifdef CONFIG_OF_CONTROL
bool cli_process_fdt(const char **cmdp)
{
/* Allow the fdt to override the boot command */
char *env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd");
if (env)
*cmdp = env;
/*
* If the bootsecure option was chosen, use secure_boot_cmd().
* Always use 'env' in this case, since bootsecure requres that the
* bootcmd was specified in the FDT too.
*/
return fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0) != 0;
}
/*
* Runs the given boot command securely. Specifically:
* - Doesn't run the command with the shell (run_command or parse_string_outer),
* since that's a lot of code surface that an attacker might exploit.
* Because of this, we don't do any argument parsing--the secure boot command
* has to be a full-fledged u-boot command.
* - Doesn't check for keypresses before booting, since that could be a
* security hole; also disables Ctrl-C.
* - Doesn't allow the command to return.
*
* Upon any failures, this function will drop into an infinite loop after
* printing the error message to console.
*/
void cli_secure_boot_cmd(const char *cmd)
{
cmd_tbl_t *cmdtp;
int rc;
if (!cmd) {
printf("## Error: Secure boot command not specified\n");
goto err;
}
/* Disable Ctrl-C just in case some command is used that checks it. */
disable_ctrlc(1);
/* Find the command directly. */
cmdtp = find_cmd(cmd);
if (!cmdtp) {
printf("## Error: \"%s\" not defined\n", cmd);
goto err;
}
/* Run the command, forcing no flags and faking argc and argv. */
rc = (cmdtp->cmd)(cmdtp, 0, 1, (char **)&cmd);
/* Shouldn't ever return from boot command. */
printf("## Error: \"%s\" returned (code %d)\n", cmd, rc);
err:
/*
* Not a whole lot to do here. Rebooting won't help much, since we'll
* just end up right back here. Just loop.
*/
hang();
}
#endif /* CONFIG_OF_CONTROL */
void cli_loop(void)
{
#ifdef CONFIG_SYS_HUSH_PARSER
parse_file_outer();
/* This point is never reached */
for (;;);
#else
cli_simple_loop();
#endif /*CONFIG_SYS_HUSH_PARSER*/
}
void cli_init(void)
{
#ifdef CONFIG_SYS_HUSH_PARSER
u_boot_hush_start();
#endif
#if defined(CONFIG_HUSH_INIT_VAR)
hush_init_var();
#endif
}