From 852b44e984e593700d1ff4f86c2d15e6ff6518bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Tue, 2 Mar 2021 02:33:21 +0100
Subject: [PATCH] tools/qubesd-query: limit maximum payload size

Qubesd limits max payload to 64kb. Do the same in qubesd-query, to avoid
loading to memory potentially unbounded amount of data that would be
refused later anyway.

Reported by @DemiMarie
---
 qubes/tools/qubesd_query.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/qubes/tools/qubesd_query.py b/qubes/tools/qubesd_query.py
index 49de1d0a..57128ee3 100644
--- a/qubes/tools/qubesd_query.py
+++ b/qubes/tools/qubesd_query.py
@@ -6,6 +6,7 @@ import signal
 import sys
 
 QUBESD_SOCK = '/var/run/qubesd.sock'
+MAX_PAYLOAD_SIZE = 65536
 
 parser = argparse.ArgumentParser(
     description='low-level qubesd interrogation tool')
@@ -80,7 +81,17 @@ def main(args=None):
     loop = asyncio.get_event_loop()
 
     # pylint: disable=no-member
-    payload = sys.stdin.buffer.read() if args.payload else b''
+    if args.payload:
+        # read one byte more to check for too long payload,
+        # instead of silently truncating
+        payload = sys.stdin.buffer.read(MAX_PAYLOAD_SIZE + 1)
+        if len(payload) > MAX_PAYLOAD_SIZE:
+            parser.error('Payload too long (max {})'.format(MAX_PAYLOAD_SIZE))
+            # make sure to terminate, even if parser.error() would return
+            # for some reason
+            return 1
+    else:
+        payload = b''
     # pylint: enable=no-member
 
     coro = asyncio.ensure_future(qubesd_client(