Check for empty source domain names

DemiMarie · DemiMarie · commit ad7271227f6e · 2024-04-27T21:46:47.000-04:00
The source domain can never be the empty string.  If it _is_ empty, the
most likely cause is a bug in code that is generating the command, such
as two or more spaces after the service descriptor.  This could result
in the parsed source domain being the empty string, while the domain
passed to qubes-rpc-multiplexer is not empty.  Instead of allowing this
tricky-to-debug situation, fail the service call up front.
diff --git a/libqrexec/exec.c b/libqrexec/exec.c
@@ -468,6 +468,10 @@ struct qrexec_parsed_command *parse_qubes_rpc_command(
 
         start = end + 1; /* after the space */
         end = strchrnul(start, ' ');
+        if (end <= start) {
+            LOG(ERROR, "Source domain is empty (too many spaces after service descriptor?)");
+            goto err;
+        }
         cmd->source_domain = memdupnul(start, (size_t)(end - start));
         if (!cmd->source_domain)
             goto err;
