qrexec-daemon: Do not check service identifier for DEFAULT: keyword

DemiMarie · DemiMarie · commit 4f1e524f3627 · 2024-04-27T21:46:48.000-04:00
Service identifiers are not allowed to contain ":", so this cannot be
triggered by a malicious VM, and the subsequent code is secure against
malicious input, so it would be harmless even if it _could_ be
triggered.  Nevertheless, it is cleaner to not do the check.
diff --git a/daemon/qrexec-daemon.c b/daemon/qrexec-daemon.c
@@ -620,7 +620,9 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
         }
     }
 
-    if (!strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1)) {
+    if ((hdr->type != MSG_SERVICE_CONNECT) &&
+        (strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1) == 0))
+    {
         use_default_user = 1;
         hdr->len -= default_user_keyword_len_without_colon;
         hdr->len += strlen(default_user);

Original file line number	Diff line number	Diff line change
`@@ -620,7 +620,9 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)`
`620`	`620`	`}`
`621`	`621`	`}`
`622`	`622`
`623`		`- if (!strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1)) {`
	`623`	`+ if ((hdr->type != MSG_SERVICE_CONNECT) &&`
	`624`	`+ (strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1) == 0))`
	`625`	`+ {`
`624`	`626`	`use_default_user = 1;`
`625`	`627`	`hdr->len -= default_user_keyword_len_without_colon;`
`626`	`628`	`hdr->len += strlen(default_user);`