Check for empty source domain names

The source domain can never be the empty string. If it _is_ empty, the most likely cause is a bug in code that is generating the command, such as two or more spaces after the service descriptor. This could result in the parsed source domain being the empty string, while the domain passed to qubes-rpc-multiplexer is not empty. Instead of allowing this tricky-to-debug situation, fail the service call up front.
QubesOS · Apr 28, 2024 · ad72712 · ad72712
1 parent 71c1ae3
commit ad72712
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/libqrexec/exec.c b/libqrexec/exec.c
@@ -468,6 +468,10 @@ struct qrexec_parsed_command *parse_qubes_rpc_command(
 
         start = end + 1; /* after the space */
         end = strchrnul(start, ' ');
+        if (end <= start) {
+            LOG(ERROR, "Source domain is empty (too many spaces after service descriptor?)");
+            goto err;
+        }
         cmd->source_domain = memdupnul(start, (size_t)(end - start));
         if (!cmd->source_domain)
             goto err;