Slightly better validation of data from dom0

At least call abort(). (cherry picked from commit af828db)
QubesOS · May 12, 2023 · 558ade2 · 558ade2
1 parent c5ab6cb
commit 558ade2
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/agent/qrexec-agent.c b/agent/qrexec-agent.c
@@ -603,15 +603,18 @@ static int wait_for_session_maybe(char *cmdline) {
 static void handle_server_exec_request_init(struct msg_header *hdr)
 {
     struct exec_params params;
-    int buf_len = hdr->len-sizeof(params);
+    if (hdr->len < sizeof(params))
+        abort();
+    size_t buf_len = hdr->len - sizeof(params);
+    if (buf_len > INT_MAX)
+        abort();
     char *buf = malloc(buf_len);
-    if (!buf) abort();
-
-    assert((hdr->len >= sizeof params));
+    if (!buf)
+        abort();
 
     if (libvchan_recv(ctrl_vchan, &params, sizeof(params)) != sizeof(params))
         handle_vchan_error("read exec params");
-    if (libvchan_recv(ctrl_vchan, buf, buf_len) != buf_len)
+    if (libvchan_recv(ctrl_vchan, buf, (int)buf_len) != (int)buf_len)
         handle_vchan_error("read exec cmd");
 
     buf[buf_len-1] = 0;