qrexec: deny spaces in service domain name

Fixes QubesOS/qubes-issues#1877
2016-03-27 04:21:38 +02:00 · 2016-03-27 04:21:38 +02:00 · ad28f4df62
commit ad28f4df62
parent 3acfb8e4b3
1 changed files with 10 additions and 5 deletions
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@ -624,7 +624,7 @@ static int find_policy_pending_slot() {
    return -1;
 }
-static void sanitize_name(char * untrusted_s_signed)
+static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
 {
    unsigned char * untrusted_s;
    for (untrusted_s=(unsigned char*)untrusted_s_signed; *untrusted_s; untrusted_s++) {
@ -634,7 +634,12 @@ static void sanitize_name(char * untrusted_s_signed)
            continue;
        if (*untrusted_s >= '0' && *untrusted_s <= '9')
            continue;
-        if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+        if (*untrusted_s == '$' ||
               *untrusted_s == '_' ||
               *untrusted_s == '-' ||
               *untrusted_s == '.')
            continue;
        if (extra_allowed_chars && strchr(extra_allowed_chars, *untrusted_s))
            continue;
        *untrusted_s = '_';
    }
@ -661,9 +666,9 @@ static void handle_execute_service(void)
    ENSURE_NULL_TERMINATED(untrusted_params.service_name);
    ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
    ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
-    sanitize_name(untrusted_params.service_name);
+    sanitize_name(untrusted_params.service_name, "");
-    sanitize_name(untrusted_params.target_domain);
+    sanitize_name(untrusted_params.target_domain, "");
-    sanitize_name(untrusted_params.request_id.ident);
+    sanitize_name(untrusted_params.request_id.ident, " ");
    params = untrusted_params;
    /* sanitize end */