qrexec-daemon: Do not check service identifier for DEFAULT: keyword

Service identifiers are not allowed to contain ":", so this cannot be triggered by a malicious VM, and the subsequent code is secure against malicious input, so it would be harmless even if it _could_ be triggered. Nevertheless, it is cleaner to not do the check.
QubesOS · Apr 28, 2024 · 4f1e524 · 4f1e524
1 parent e98ed7a
commit 4f1e524
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/daemon/qrexec-daemon.c b/daemon/qrexec-daemon.c
@@ -620,7 +620,9 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
         }
     }
 
-    if (!strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1)) {
+    if ((hdr->type != MSG_SERVICE_CONNECT) &&
+        (strncmp(buf, default_user_keyword, default_user_keyword_len_without_colon+1) == 0))
+    {
         use_default_user = 1;
         hdr->len -= default_user_keyword_len_without_colon;
         hdr->len += strlen(default_user);