Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don’t rely on an arbitrary length limit

Browse Source 
We can check for overlong domids without hardcoding the length in a
regex.  Just check if the length is longer than that of the max XID.
This commit is contained in:
Demi Marie Obenour 2020-12-17 23:39:19 -05:00
parent c09909c702
commit e5b56b96c4
No known key found for this signature in database
GPG Key ID: 28A45C93B0B5B6E0
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
network/vif-route-qubes
View File

@ -97,7 +97,7 @@ readonly max_domid=32752
# In fact, some test setups, including OpenQA, actually do this. Therefore, we # In fact, some test setups, including OpenQA, actually do this. Therefore, we
# now handle this case correctly, even though it is by definition a security # now handle this case correctly, even though it is by definition a security
# risk. # risk.
if ! [[ $vif =~ ^vif(0|[1-9][0-9]{,4})\.(0|[1-9][0-9]*)$ ]]; then if ! [[ $vif =~ ^vif(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$ ]]; then
printf 'Bad interface name %q\n' "$vif">&2 printf 'Bad interface name %q\n' "$vif">&2
exit 1 exit 1
fi fi
@ -106,7 +106,8 @@ domid=${BASH_REMATCH[1]} sub=${BASH_REMATCH[2]}
# metric must be positive, but prefer later interface # metric must be positive, but prefer later interface
# 32752 is max XID aka domid # 32752 is max XID aka domid
if (( domid > max_domid )); then # the length check ensures there is no overflow
if (( "${#domid}" > "${#max_domid}" || domid > max_domid )); then
printf %s\\n "domid $domid too large" printf %s\\n "domid $domid too large"
exit 1 exit 1
fi fi