QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: forbid '$' in target and service name

Browse Source 
Those parameters eventually may eventually be passed to a shell script
(at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to
properly escape shell special characters, lets do safer and less fragile
thing: forbid such characters entirely.
In case of target name, qrexec policy keywords are allowed, and after
recent change, those contains '@', so allow this char.
This commit is contained in:
Marek Marczykowski-Górecki 2018-02-16 05:21:02 +01:00
parent d54d953af1
commit c129ce2e4d
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
qrexec/qrexec-daemon.c
View File

@ -650,8 +650,7 @@ static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
continue; continue;
if (*untrusted_s >= '0' && *untrusted_s <= '9') if (*untrusted_s >= '0' && *untrusted_s <= '9')
continue; continue;
if (*untrusted_s == '$' || if (*untrusted_s == '_' ||
*untrusted_s == '_' ||
*untrusted_s == '-' || *untrusted_s == '-' ||
*untrusted_s == '.') *untrusted_s == '.')
continue; continue;
@ -683,7 +682,7 @@ static void handle_execute_service(void)
ENSURE_NULL_TERMINATED(untrusted_params.target_domain); ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident); ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
sanitize_name(untrusted_params.service_name, "+"); sanitize_name(untrusted_params.service_name, "+");
sanitize_name(untrusted_params.target_domain, ":"); sanitize_name(untrusted_params.target_domain, "@:");
sanitize_name(untrusted_params.request_id.ident, " "); sanitize_name(untrusted_params.request_id.ident, " ");
params = untrusted_params; params = untrusted_params;
/* sanitize end */ /* sanitize end */