From a7910fab71b19aa988ddccb5abac9eb3b94a582c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 27 Mar 2016 04:21:38 +0200 Subject: [PATCH] qrexec: deny spaces in service domain name Fixes QubesOS/qubes-issues#1877 (cherry picked from commit ad28f4df625b536c8ce571ff1e7d6c8a7b96117b) --- qrexec/qrexec-daemon.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c index cf41f04..7eac63a 100644 --- a/qrexec/qrexec-daemon.c +++ b/qrexec/qrexec-daemon.c @@ -624,7 +624,7 @@ static int find_policy_pending_slot() { return -1; } -static void sanitize_name(char * untrusted_s_signed) +static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars) { unsigned char * untrusted_s; for (untrusted_s=(unsigned char*)untrusted_s_signed; *untrusted_s; untrusted_s++) { @@ -634,7 +634,12 @@ static void sanitize_name(char * untrusted_s_signed) continue; if (*untrusted_s >= '0' && *untrusted_s <= '9') continue; - if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') + if (*untrusted_s == '$' || + *untrusted_s == '_' || + *untrusted_s == '-' || + *untrusted_s == '.') + continue; + if (extra_allowed_chars && strchr(extra_allowed_chars, *untrusted_s)) continue; *untrusted_s = '_'; } @@ -661,9 +666,9 @@ static void handle_execute_service(void) ENSURE_NULL_TERMINATED(untrusted_params.service_name); ENSURE_NULL_TERMINATED(untrusted_params.target_domain); ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident); - sanitize_name(untrusted_params.service_name); - sanitize_name(untrusted_params.target_domain); - sanitize_name(untrusted_params.request_id.ident); + sanitize_name(untrusted_params.service_name, ""); + sanitize_name(untrusted_params.target_domain, ""); + sanitize_name(untrusted_params.request_id.ident, " "); params = untrusted_params; /* sanitize end */