fix: untrusted input marking and sanitization

This commit is contained in:
Ben Grande 2023-11-21 14:57:47 +00:00
parent 6314658c23
commit 5e53ed259f
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
3 changed files with 54 additions and 28 deletions


@ -6,9 +6,25 @@
set -eu
#origin="$QREXEC_REMOTE_DOMAIN"
agent="$QREXEC_SERVICE_ARGUMENT"
untrusted_agent="$QREXEC_SERVICE_ARGUMENT"
if test -z "${untrusted_agent}"; then
echo "Agent name is empty" >&2
exit 1
fi
if ! (echo "${untrusted_agent}" | grep -q "^[A-Za-z0-9][A-Za-z0-9_.-]\+$")
then
die "Forbidden characters in agent name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot"
fi
## Length arbitrarily set.
if test "${#untrusted_agent}" -gt 128; then
die "Repository name is too long: ${#untrusted_agent}"
fi
agent="${untrusted_agent}"
socket="/tmp/qubes-ssh-agent/${agent}.sock"
qvm-ssh-agent add "${agent}" >/dev/null
exec socat STDIO UNIX-CLIENT:"$socket"
exec socat STDIO UNIX-CLIENT:"${socket}"
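Review bot: The character check that pipes `echo "${untrusted_agent}"` into `grep -q` is evaluated per line, so a value containing a newline is accepted as long as one of its lines matches the pattern, and the untrusted value also goes through `echo`, which interprets a leading `-n`/`-e` as options. A `case` over the whole string avoids both issues without spawning a process; the rewrite below keeps the same alphabet and leading-character rule but not the regex's implicit two-character minimum, so add a `?)` arm if that was intended. Separately, the length-check message reads `Repository name is too long` although the value is the agent name; `die "Agent name is too long: ${#untrusted_agent}"`. `die` is not defined inside the hunk; if the five lines above it do not provide it, both `die` calls fail as command-not-found under `set -e` and the diagnostic is lost, and the empty-name check just above uses `echo ... >&2; exit 1` instead, so the two error paths should use the same helper.
```shell
untrusted_agent="$QREXEC_SERVICE_ARGUMENT"
# … unchanged: empty-name check …
case "${untrusted_agent}" in
  *[!A-Za-z0-9_.-]*|[!A-Za-z0-9]*)
    die "Forbidden characters in agent name. Allowed chars: letters, numbers, hyphen, underscore and dot. It cannot begin with hyphen, underscore or dot"
    ;;
esac
# … unchanged: length check, agent assignment, socket, socat …
```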