qubes: validate if property value consists of ASCII only earlier

Do this for all standard property types - even if other types do additional validation, do not expose them to non-ASCII characters. QubesOS/qubes-issues#2622
QubesOS · Jun 26, 2017 · 9198416 · 9198416
1 parent 65d15e6
commit 9198416
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/qubes/__init__.py b/qubes/__init__.py
@@ -331,11 +331,12 @@ def sanitize(self, *, untrusted_newvalue):
         # do not treat type='str' as sufficient validation
         if self.type is not None and self.type is not str:
             # assume specific type will preform enough validation
+            try:
+                untrusted_newvalue = untrusted_newvalue.decode('ascii',
+                    errors='strict')
+            except UnicodeDecodeError:
+                raise qubes.exc.QubesValueError
             if self.type is bool:
-                try:
-                    untrusted_newvalue = untrusted_newvalue.decode('ascii')
-                except UnicodeDecodeError:
-                    raise qubes.exc.QubesValueError
                 return self.bool(None, None, untrusted_newvalue)
             else:
                 try: