From 919841635b8aa0931493f095dec9a18d9a060936 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 26 Jun 2017 12:55:44 +0200
Subject: [PATCH] qubes: validate if property value consists of ASCII only
 earlier

Do this for all standard property types - even if other types do
additional validation, do not expose them to non-ASCII characters.

QubesOS/qubes-issues#2622
---
 qubes/__init__.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/qubes/__init__.py b/qubes/__init__.py
index 7f9337707..15934b2b4 100644
--- a/qubes/__init__.py
+++ b/qubes/__init__.py
@@ -331,11 +331,12 @@ def sanitize(self, *, untrusted_newvalue):
         # do not treat type='str' as sufficient validation
         if self.type is not None and self.type is not str:
             # assume specific type will preform enough validation
+            try:
+                untrusted_newvalue = untrusted_newvalue.decode('ascii',
+                    errors='strict')
+            except UnicodeDecodeError:
+                raise qubes.exc.QubesValueError
             if self.type is bool:
-                try:
-                    untrusted_newvalue = untrusted_newvalue.decode('ascii')
-                except UnicodeDecodeError:
-                    raise qubes.exc.QubesValueError
                 return self.bool(None, None, untrusted_newvalue)
             else:
                 try: