From 57855c659e3115efccec48bec2e448bbfe7033fb Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Mon, 15 Apr 2024 17:18:57 -0400
Subject: [PATCH] qrexec-daemon: check for valid messages from clients

This catches messages that would otherwise cause qrexec-agent to
immediately terminate.  It also logs an error if there is a port number
in a non-MSG_SERVICE_CONNECT message, which should never happen.
---
 daemon/qrexec-daemon.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/daemon/qrexec-daemon.c b/daemon/qrexec-daemon.c
index 737d0f4f..846ac649 100644
--- a/daemon/qrexec-daemon.c
+++ b/daemon/qrexec-daemon.c
@@ -588,6 +588,19 @@ static int handle_cmdline_body_from_client(int fd, struct msg_header *hdr)
             goto terminate;
         }
         policy_pending[i].response_sent = RESPONSE_ALLOW;
+    } else {
+        if (hdr->type != MSG_JUST_EXEC && hdr->type != MSG_EXEC_CMDLINE) {
+            // Sending such a message would just cause the agent to terminate.
+            LOG(ERROR, "Invalid message type %" PRIu32 " from client", hdr->type);
+            goto terminate;
+        }
+        if (params->connect_port != 0) {
+            // This is wrong, so log it, but allow it in case any code relies
+            // on it.  I did not find any such code.
+            LOG(ERROR, "Client provided port %" PRIu32
+                    " in non-MSG_SERVICE_CONNECT request (type %" PRIu32 ")",
+                    params->connect_port, hdr->type);
+        }
     }
 
     if (!params->connect_port) {