qubes: validate if property value consists of ASCII only earlier

Do this for all standard property types - even if other types do additional validation, do not expose them to non-ASCII characters. QubesOS/qubes-issues#2622
2017-06-26 12:55:44 +02:00 · 2017-06-26 12:55:44 +02:00 · 919841635b
commit 919841635b
parent 65d15e6040
1 changed files with 5 additions and 4 deletions
--- a/qubes/init.py
+++ b/qubes/init.py
@ -331,11 +331,12 @@ class property(object):  # pylint: disable=redefined-builtin,invalid-name
        # do not treat type='str' as sufficient validation
        if self.type is not None and self.type is not str:
            # assume specific type will preform enough validation
+            try:
+                untrusted_newvalue = untrusted_newvalue.decode('ascii',
+                    errors='strict')
+            except UnicodeDecodeError:
+                raise qubes.exc.QubesValueError
            if self.type is bool:
-                try:
-                    untrusted_newvalue = untrusted_newvalue.decode('ascii')
-                except UnicodeDecodeError:
-                    raise qubes.exc.QubesValueError
                return self.bool(None, None, untrusted_newvalue)
            else:
                try: