From c95cd3a054240fec2f9400cb506f90ad0e7fd916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 15 Aug 2013 00:01:56 +0200
Subject: [PATCH] qrexec: validate target domain (#743)

---
 qrexec/qrexec-policy | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/qrexec/qrexec-policy b/qrexec/qrexec-policy
index 879c337..1be1ecf 100755
--- a/qrexec/qrexec-policy
+++ b/qrexec/qrexec-policy
@@ -84,6 +84,20 @@ def is_domain_running(target):
         if domname == target:
             return True
     return False
+
+def validate_target(target):
+    # special targets
+    if target in ['$dispvm', 'dom0']:
+        return True
+
+    from qubes.qubes import QubesVmCollection
+
+    qc = QubesVmCollection()
+    qc.lock_db_for_reading()
+    qc.load()
+    qc.unlock_db()
+
+    return qc.get_vm_by_name(target) is not None
                 
 def spawn_target_if_necessary(target):
     if is_domain_running(target):
@@ -144,6 +158,13 @@ def main():
     exec_index=args[2]
     process_ident=args[3]
     
+    if not validate_target(target):
+        print >> sys.stderr, "Rpc failed (unknown domain):", domain, target, exec_index
+        text = "Domain '%s' doesn't exists (service %s called by domain %s)." % (
+                target, exec_index, domain)
+        subprocess.call(["/usr/bin/zenity", "--error", "--text", text])
+        os.execl(QREXEC_CLIENT, "qrexec-client", "-d", domain, "-l", "/bin/false", "-c", process_ident)
+
     policy_list=read_policy_file(exec_index)
     if policy_list==None:
         policy_editor(domain, target, exec_index)