qrexec-daemon: check for valid messages from clients

This catches messages that would otherwise cause qrexec-agent to immediately terminate. It also logs an error if there is a port number in a non-MSG_SERVICE_CONNECT message, which should never happen.
QubesOS · Apr 28, 2024 · 57855c6 · 57855c6
1 parent 4f1e524
commit 57855c6
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/daemon/qrexec-daemon.c b/daemon/qrexec-daemon.c
@@ -588,6 +588,19 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
             goto terminate;
         }
         policy_pending[i].response_sent = RESPONSE_ALLOW;
+    } else {
+        if (hdr->type != MSG_JUST_EXEC && hdr->type != MSG_EXEC_CMDLINE) {
+            // Sending such a message would just cause the agent to terminate.
+            LOG(ERROR, "Invalid message type %" PRIu32 " from client", hdr->type);
+            goto terminate;
+        }
+        if (params->connect_port != 0) {
+            // This is wrong, so log it, but allow it in case any code relies
+            // on it.  I did not find any such code.
+            LOG(ERROR, "Client provided port %" PRIu32
+                    " in non-MSG_SERVICE_CONNECT request (type %" PRIu32 ")",
+                    params->connect_port, hdr->type);
+        }
     }
 
     if (!params->connect_port) {