tools/qubesd-query: limit maximum payload size

Qubesd limits max payload to 64kb. Do the same in qubesd-query, to avoid
loading to memory potentially unbounded amount of data that would be
refused later anyway.

Reported by @DemiMarie
This commit is contained in:
Marek Marczykowski-Górecki 2021-03-02 02:33:21 +01:00
parent a0f82a2a93
commit 852b44e984
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724

View File

@ -6,6 +6,7 @@ import signal
import sys import sys
QUBESD_SOCK = '/var/run/qubesd.sock' QUBESD_SOCK = '/var/run/qubesd.sock'
MAX_PAYLOAD_SIZE = 65536
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description='low-level qubesd interrogation tool') description='low-level qubesd interrogation tool')
@ -80,7 +81,17 @@ def main(args=None):
loop = asyncio.get_event_loop() loop = asyncio.get_event_loop()
# pylint: disable=no-member # pylint: disable=no-member
payload = sys.stdin.buffer.read() if args.payload else b'' if args.payload:
# read one byte more to check for too long payload,
# instead of silently truncating
payload = sys.stdin.buffer.read(MAX_PAYLOAD_SIZE + 1)
if len(payload) > MAX_PAYLOAD_SIZE:
parser.error('Payload too long (max {})'.format(MAX_PAYLOAD_SIZE))
# make sure to terminate, even if parser.error() would return
# for some reason
return 1
else:
payload = b''
# pylint: enable=no-member # pylint: enable=no-member
coro = asyncio.ensure_future(qubesd_client( coro = asyncio.ensure_future(qubesd_client(