Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vif-route-qubes: better input validation

Browse Source 
The input is trusted, but this will help debugging if something goes
wrong.
This commit is contained in:
Demi Marie Obenour 2020-11-13 13:15:24 -05:00
parent 9646acb18e
commit 791b08c2ec
No known key found for this signature in database
GPG Key ID: 28A45C93B0B5B6E0
1 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
network/vif-route-qubes
View File

@ -112,16 +112,28 @@ case "$command" in
;; ;;
esac esac
[[ $vif =~ ^vif([0-9]+)\.([0-9]+)$ ]] || exit 1 readonly max_domid=32752
# if domid is 0 something is seriously wrong, so dont check for that case
if ! [[ $vif =~ ^vif([1-9][0-9]{,4})\.(0|[1-9][0-9]*)$ ]]; then
printf 'Bad interface name %q\n' "$vif">&2
exit 1
fi
domid=${BASH_REMATCH[1]} sub=${BASH_REMATCH[2]} domid=${BASH_REMATCH[1]} sub=${BASH_REMATCH[2]}
# metric must be possitive, but prefer later interface
# metric must be positive, but prefer later interface
# 32752 is max XID aka domid # 32752 is max XID aka domid
metric=$(( 32752 - domid )) if (( domid > max_domid )); then
printf %s\\n "domid $domid too large"
exit 1
fi
metric=$(( max_domid - domid ))
# add anti-spoofing rules before enabling the interface # add anti-spoofing rules before enabling the interface
if [ "${ip}" ]; then if [ "${ip}" ]; then
# If we've been given a list of IP addresses, then add routes from dom0 to # If weve been given a list of IP addresses, then add routes from us to
# the guest using those addresses. # the VMs we serve using those addresses.
for addr in ${ip}; for addr in ${ip};
do do
if [[ "$addr" = *:* ]]; then if [[ "$addr" = *:* ]]; then