diff mbox series

initramfs-framework: replace eval-based bootparam parser

Message ID 20260519090517.1201609-1-alexander.sverdlin@siemens.com
State New
Headers show
Series initramfs-framework: replace eval-based bootparam parser | expand

Commit Message

A. Sverdlin May 19, 2026, 9:04 a.m. UTC 
From: Alexander Sverdlin <alexander.sverdlin@siemens.com>

The bootparam parsing loop uses "eval" to set shell variables from
kernel command line parameters.  Since eval interprets its argument as
shell code, a crafted boot parameter such as:

  rootdelay=1";command;"

would be executed as arbitrary shell code during early init.

Replace the eval-based parser with a single sed invocation that
tokenizes /proc/cmdline (respecting double-quoted values) and feeds the
result to a while-read loop that uses only "export" for variable
assignment, which never interprets the value as code.

The sed script works as follows:
- Split the line at unquoted spaces into one token per line.  The regex
  treats sequences of non-space/non-quote chars, balanced "..." pairs,
  and lone " (for mid-value quotes) as atomic units that are never split.
- Strip outer quotes from whole-param-quoted tokens ("param=val").
- Strip balanced quotes around parameter values (key="val" -> key=val).
- Replace . and - with _ in parameter names (the key part before =),
  iterating until none remain.
- Print each processed token and loop (P/D).

Additional benefits:
- Whitespace inside quoted values is now preserved exactly as specified
  (the for-loop word-splitting collapsed multiple spaces)
- Reduced from 3+ sed/cut invocations per parameter to a single sed
  process for the entire command line

Co-developed-by: GitHub Copilot (Claude)
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
---
 .../initrdscripts/initramfs-framework/init    | 61 ++++++++-----------
 1 file changed, 24 insertions(+), 37 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/init b/meta/recipes-core/initrdscripts/initramfs-framework/init
index 67590ad765..97ec62e2da 100755
--- a/meta/recipes-core/initrdscripts/initramfs-framework/init
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/init
@@ -92,43 +92,30 @@  if [ -d $EFI_DIR ];then
 fi
 
 # populate bootparam environment
-for p in `cat /proc/cmdline`; do
-	if [ -n "$quoted" ]; then
-		p_rstripped=${p%\"}
-		value="$value $p_rstripped"
-		if [ "$p_rstripped" != "$p" ]; then
-			# End of a opt="word1 word2..." parameter 
-			eval "bootparam_${quoted}=\"${value}\""
-			unset quoted
-		fi
-		continue
-	fi
-
-	opt=`echo $p | cut -d'=' -f1`
-	opt=`echo $opt | sed -e 'y/.-/__/'`
-	if [ "`echo $p | cut -d'=' -f1`" = "$p" ]; then
-		# opt parameter
-		eval "bootparam_${opt}=true"
-	else
-		value="`echo $p | cut -d'=' -f2-`"	# Option value
-		value_lstripped=${value#\"}
-		value_rstripped=${value%\"}
-
-		if [ "$value_lstripped" != "$value" ] && [ "$value_rstripped" != "$value" ]; then
-			# opt="value" parameter
-			eval "bootparam_${opt}=${value_lstripped%\"}"
-			continue
-		fi
-
-		if [ "$value_lstripped" != "$value" ]; then
-			# Start of a opt="word1 word2..." parameter 
-			quoted=${opt}
-			value=${value_lstripped}
-			continue
-		fi
-		eval "bootparam_${opt}=\"${value}\""
-	fi
-done
+while IFS= read -r token; do
+	case "$token" in
+	*=*)
+		opt="${token%%=*}"
+		value="${token#*=}"
+		;;
+	*)
+		opt="$token"
+		value="true"
+		;;
+	esac
+	export "bootparam_${opt}=${value}"
+done <<EOF
+$(sed -E '
+s/^(([^ "]*|"[^"]*"|")*) +/\1\
+/
+s/^"(.*)"$/\1/
+s/^([^=]*)="(.*)"/\1=\2/
+:k
+s/^([^=.-]*)[.-]/\1_/
+tk
+P
+D' /proc/cmdline)
+EOF
 
 # use /dev with devtmpfs
 if grep -q devtmpfs /proc/filesystems; then