From 06d84b5198a77ccb90b3229982eeca192dd356f8 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Fri, 27 Nov 2020 15:25:29 -0500
Subject: [PATCH] Only allow known-safe characters in socket paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The socket path will be included in a shell command and then as a socat argument, so only allow a small subset of known-safe characters. In practice, this has not been a problem because mktemp doesn’t include these characters in its output.
---
 qubes-rpc/qubes.ShowInTerminal | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/qubes-rpc/qubes.ShowInTerminal b/qubes-rpc/qubes.ShowInTerminal
index d8cb758..f8b5f95 100644
--- a/qubes-rpc/qubes.ShowInTerminal
+++ b/qubes-rpc/qubes.ShowInTerminal
@@ -1,10 +1,11 @@
 #!/bin/bash --
 set -eu
+umask 0077
 tmpdir="$(mktemp -d)"
-if [[ $tmpdir =~ \" ]]; then
- echo 'Error: non admissible character detected in sock path.'
+if ! [[ $tmpdir =~ ^/[/A-Za-z0-9._-]+$ ]]; then
+ echo 'Error: non admissible character detected in sock path.'>&2
 exit 1
 fi