qrexec: deny spaces in service domain name

Fixes QubesOS/qubes-issues#1877

qrexec/qrexec-daemon.c

@@ -624,7 +624,7 @@ static int find_policy_pending_slot() {
     return -1;
 }
 
-static void sanitize_name(char * untrusted_s_signed)
+static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
 {
     unsigned char * untrusted_s;
     for (untrusted_s=(unsigned char*)untrusted_s_signed; *untrusted_s; untrusted_s++) {
@@ -634,7 +634,12 @@ static void sanitize_name(char * untrusted_s_signed)
             continue;
         if (*untrusted_s >= '0' && *untrusted_s <= '9')
             continue;
-        if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+        if (*untrusted_s == '$' ||
+               *untrusted_s == '_' ||
+               *untrusted_s == '-' ||
+               *untrusted_s == '.')
+            continue;
+        if (extra_allowed_chars && strchr(extra_allowed_chars, *untrusted_s))
             continue;
         *untrusted_s = '_';
     }
@@ -661,9 +666,9 @@ static void handle_execute_service(void)
     ENSURE_NULL_TERMINATED(untrusted_params.service_name);
     ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
     ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
-    sanitize_name(untrusted_params.service_name);
-    sanitize_name(untrusted_params.target_domain);
-    sanitize_name(untrusted_params.request_id.ident);
+    sanitize_name(untrusted_params.service_name, "");
+    sanitize_name(untrusted_params.target_domain, "");
+    sanitize_name(untrusted_params.request_id.ident, " ");
     params = untrusted_params;
     /* sanitize end */