qrexec: forbid '$' in target and service name
Those parameters may eventually be passed to a shell script (at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to properly escape shell special characters, let's do the safer and less fragile thing: forbid such characters entirely. In the case of the target name, qrexec policy keywords are allowed, and after a recent change those contain '@', so allow this character. (cherry picked from commit cf28dad1943bd424b2ed23000cdcfd32d8e3190c)
parent
e6d8b52197
commit
f481671782
@ -632,8 +632,7 @@ static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
|
|||||||
continue;
|
continue;
|
||||||
if (*untrusted_s >= '0' && *untrusted_s <= '9')
|
if (*untrusted_s >= '0' && *untrusted_s <= '9')
|
||||||
continue;
|
continue;
|
||||||
if (*untrusted_s == '$' ||
|
if (*untrusted_s == '_' ||
|
||||||
*untrusted_s == '_' ||
|
|
||||||
*untrusted_s == '-' ||
|
*untrusted_s == '-' ||
|
||||||
*untrusted_s == '.')
|
*untrusted_s == '.')
|
||||||
continue;
|
continue;
|
||||||
@ -665,7 +664,7 @@ static void handle_execute_service(void)
|
|||||||
ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
|
ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
|
||||||
ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
|
ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
|
||||||
sanitize_name(untrusted_params.service_name, "+");
|
sanitize_name(untrusted_params.service_name, "+");
|
||||||
sanitize_name(untrusted_params.target_domain, "");
|
sanitize_name(untrusted_params.target_domain, "@");
|
||||||
sanitize_name(untrusted_params.request_id.ident, " ");
|
sanitize_name(untrusted_params.request_id.ident, " ");
|
||||||
params = untrusted_params;
|
params = untrusted_params;
|
||||||
/* sanitize end */
|
/* sanitize end */
|
||||||
|
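Review bot: The second hunk widens the target_domain allowlist with `"@"`, and because sanitize_name appears to test each character on its own, '@' would be accepted at any position in the name rather than only as the leading character of a policy keyword. If keywords always begin with '@', a check after sanitising that rejects a target containing '@' past index 0 would keep the accepted set as narrow as the description intends. Separately, the first hunk leaves nothing in the code to say why '$' is gone; a comment above the condition such as `/* '$' is deliberately excluded: these names can reach a shell script */` would stop it being re-added later. Both sanitize_name and handle_execute_service extend beyond the hunks shown, so how a rejected character is handled is not visible here.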