Verify if service names are not too long

Reject them before actually setting them. But if there is already some too-long set, ignore it with a warning instead of breaking VM startup. And also remove test for too strict verification.
QubesOS · May 31, 2024 · cf8a863 · cf8a863
1 parent 0ec452e
commit cf8a863
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 7 deletions.
diff --git a/qubes/ext/services.py b/qubes/ext/services.py
@@ -62,6 +62,12 @@ def on_domain_qdb_create(self, vm, event):
             if not feature.startswith('service.'):
                 continue
             service = feature[len('service.'):]
+            if not service:
+                vm.log.warning("Empty service name, ignoring: " + service)
+                continue
+            if len(service) > 48:
+                vm.log.warning("Too long service name, ignoring: " + service)
+                continue
             # forcefully convert to '0' or '1'
             vm.untrusted_qdb.write('/qubes-service/{}'.format(service),
                                    str(int(bool(value))))
@@ -70,6 +76,21 @@ def on_domain_qdb_create(self, vm, event):
         vm.untrusted_qdb.write('/qubes-service/meminfo-writer',
                                '1' if vm.maxmem > 0 else '0')
 
+    @qubes.ext.handler('domain-feature-pre-set:*')
+    def on_domain_feature_pre_set(self, vm, event, feature,
+            value, oldvalue=None):
+        """Check if service name is compatible with QubesDB"""
+        # pylint: disable=unused-argument
+        if not feature.startswith('service.'):
+            return
+        service = feature[len('service.'):]
+        if not service:
+            raise qubes.exc.QubesValueError(
+                    'Service name cannot be empty')
+        if len(service) > 48:
+            raise qubes.exc.QubesValueError(
+                    'Service name must not exceed 48 bytes')
+
     @qubes.ext.handler('domain-feature-set:*')
     def on_domain_feature_set(self, vm, event, feature, value, oldvalue=None):
         """Update /qubes-service/ QubesDB tree in runtime"""

diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py
@@ -1403,13 +1403,6 @@ def test_323_feature_set_service_too_long(self):
         self.assertNotIn('test-feature', self.vm.features)
         self.assertFalse(self.app.save.called)
 
-    def test_324_feature_set_service_bad_name(self):
-        with self.assertRaises(qubes.exc.QubesValueError):
-            self.call_mgmt_func(b'admin.vm.feature.Set',
-                b'test-vm1', b'service.0')
-        self.assertNotIn('test-feature', self.vm.features)
-        self.assertFalse(self.app.save.called)
-
     def test_325_feature_set_service_empty_name(self):
         with self.assertRaises(qubes.exc.QubesValueError):
             self.call_mgmt_func(b'admin.vm.feature.Set',