Skip to content

Commit 71c1ae3

Browse files
DemiMarieDemiMarie
committed
Ensure consistent treatment of "QUBESRPC" followed by non-space
parse_qubes_rpc_command() would not treat this as a service call, whereas exec_qubes_rpc_if_requested() would. Therefore, the command would be executed as a service call, but the usual check for socket-based services would be skipped. Furthermore, exec_qubes_rpc_if_requested() would silently ignore everything after "QUBESRPC" until the first space or the end of the string. To avoid this inconsistent behavior, ensure that both execute_qubes_rpc_if_requested() and parse_qubes_rpc_command() detect this situation and fail the service call. There are no tests for QUBESRPC followed by a non-space so the current behavior is almost certainly not intentional. There are no tests for the new behavior, either, but an error condition is very unlikely to be accidentally depended on.
1 parent b115494 commit 71c1ae3

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

libqrexec/exec.c

+14-4
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,11 @@ void exec_qubes_rpc_if_requested(const char *prog, char *const envp[]) {
5454
char *argv[16]; // right now 6 are used, but allow future extensions
5555
size_t i = 0;
5656

57+
if (prog[RPC_REQUEST_COMMAND_LEN] != ' ') {
58+
LOG(ERROR, "\"" RPC_REQUEST_COMMAND "\" not followed by space");
59+
_exit(126);
60+
}
61+
5762
prog_copy = strdup(prog);
5863
if (!prog_copy) {
5964
PERROR("strdup");
@@ -404,13 +409,18 @@ struct qrexec_parsed_command *parse_qubes_rpc_command(
404409
} else
405410
cmd->nogui = false;
406411

407-
/* If the command starts with "QUBESRPC ", parse service descriptor */
408-
if (strncmp(cmd->command, RPC_REQUEST_COMMAND " ",
409-
RPC_REQUEST_COMMAND_LEN + 1) == 0) {
412+
/* If the command starts with "QUBESRPC", parse service descriptor */
413+
if (strncmp(cmd->command, RPC_REQUEST_COMMAND,
414+
RPC_REQUEST_COMMAND_LEN) == 0) {
410415
const char *start, *end;
411416

412-
/* Parse service descriptor ("qubes.Service+arg") */
417+
/* Check for space after "QUBESRPC" */
418+
if (cmd->command[RPC_REQUEST_COMMAND_LEN] != ' ') {
419+
LOG(ERROR, "\"" RPC_REQUEST_COMMAND "\" not followed by space");
420+
goto err;
421+
}
413422

423+
/* Parse service descriptor ("qubes.Service+arg") */
414424
start = cmd->command + RPC_REQUEST_COMMAND_LEN + 1;
415425
end = strchr(start, ' ');
416426
if (!end) {

0 commit comments

Comments
 (0)