From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjones@redhat.com> Date: Fri, 19 Oct 2018 10:57:52 -0400 Subject: [PATCH] Fix menu entry selection based on ID and title Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an error, we assume the value it has produced is a correct index into our menu entry list, and do not try to interpret the value as the "id" or "title" . In cases where "id" or "title" start with a numeral, this makes them impossible to use as selection criteria. This patch splits the search into three phases - matching id, matching title, and only once those have been exhausted, trying to interpret the ID as a numeral. In that case, we also require that the entire string is numeric, not merely a string with leading numeric characters. Resolves: rhbz#1640979 --- grub-core/normal/menu.c | 146 +++++++++++++++++++++++++----------------------- 1 file changed, 75 insertions(+), 71 deletions(-) diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c index 6cb2a0714..95f7abaf2 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) } static int -menuentry_eq (const char *id, const char *spec) +menuentry_eq (const char *id, const char *spec, int limit) { const char *ptr1, *ptr2; ptr1 = id; ptr2 = spec; - while (1) + while (limit == -1 || ptr1 - id <= limit) { if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) return ptr2 - spec; @@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec) if (*ptr2 == '>') ptr2++; if (*ptr1 != *ptr2) - return 0; + { + if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2)) + return ptr1 -id -1; + return 0; + } if (*ptr1 == 0) return ptr1 - id; ptr1++; @@ -187,6 +191,61 @@ menuentry_eq (const char *id, const char *spec) return 0; } +static int +get_entry_number_helper(grub_menu_t menu, + const char * const val, const char ** const tail) +{ + /* See if the variable matches the title of a menu entry. */ + int entry = -1; + grub_menu_entry_t e; + int i; + + for (i = 0, e = menu->entry_list; e; i++) + { + int l = 0; + while (val[l] && !grub_isspace(val[l])) + l++; + + if (menuentry_eq (e->id, val, l)) + { + if (tail) + *tail = val + l; + return i; + } + e = e->next; + } + + for (i = 0, e = menu->entry_list; e; i++) + { + int l = 0; + while (val[l] && !grub_isspace(val[l])) + l++; + + if (menuentry_eq (e->title, val, l)) + { + if (tail) + *tail = val + l; + return i; + } + e = e->next; + } + + if (tail) + *tail = NULL; + + entry = (int) grub_strtoul (val, tail, 0); + if (grub_errno == GRUB_ERR_BAD_NUMBER || + (*tail && **tail && !grub_isspace(**tail))) + { + entry = -1; + if (tail) + *tail = NULL; + grub_errno = GRUB_ERR_NONE; + } + + return entry; +} + /* Get the first entry number from the value of the environment variable NAME, which is a space-separated list of non-negative integers. The entry number which is returned is stripped from the value of NAME. If no entry number @@ -195,9 +254,8 @@ static int get_and_remove_first_entry_number (grub_menu_t menu, const char *name) { const char *val; - char *tail; + const char *tail; int entry; - int sz = 0; val = grub_env_get (name); if (! val) @@ -205,50 +263,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) grub_error_push (); - entry = (int) grub_strtoul (val, &tail, 0); + entry = get_entry_number_helper(menu, val, &tail); + if (!(*tail == 0 || grub_isspace(*tail))) + entry = -1; - if (grub_errno == GRUB_ERR_BAD_NUMBER) + if (entry >= 0) { - /* See if the variable matches the title of a menu entry. */ - grub_menu_entry_t e = menu->entry_list; - int i; - - for (i = 0; e; i++) - { - sz = menuentry_eq (e->title, val); - if (sz < 1) - sz = menuentry_eq (e->id, val); - - if (sz >= 1) - { - entry = i; - break; - } - e = e->next; - } - - if (sz > 0) - grub_errno = GRUB_ERR_NONE; - - if (! e) - entry = -1; - } - - if (grub_errno == GRUB_ERR_NONE) - { - if (sz > 0) - tail += sz; - /* Skip whitespace to find the next entry. */ while (*tail && grub_isspace (*tail)) tail++; - grub_env_set (name, tail); + if (*tail) + grub_env_set (name, tail); + else + grub_env_unset (name); } else { grub_env_unset (name); grub_errno = GRUB_ERR_NONE; - entry = -1; } grub_error_pop (); @@ -525,6 +557,7 @@ static int get_entry_number (grub_menu_t menu, const char *name) { const char *val; + const char *tail; int entry; val = grub_env_get (name); @@ -532,38 +565,9 @@ get_entry_number (grub_menu_t menu, const char *name) return -1; grub_error_push (); - - entry = (int) grub_strtoul (val, 0, 0); - - if (grub_errno == GRUB_ERR_BAD_NUMBER) - { - /* See if the variable matches the title of a menu entry. */ - grub_menu_entry_t e = menu->entry_list; - int i; - - grub_errno = GRUB_ERR_NONE; - - for (i = 0; e; i++) - { - if (menuentry_eq (e->title, val) - || menuentry_eq (e->id, val)) - { - entry = i; - break; - } - e = e->next; - } - - if (! e) - entry = -1; - } - - if (grub_errno != GRUB_ERR_NONE) - { - grub_errno = GRUB_ERR_NONE; - entry = -1; - } - + entry = get_entry_number_helper(menu, val, &tail); + if (*tail != '\0') + entry = -1; grub_error_pop (); return entry;