Skip to content

Commit

Permalink
Reject bidirectional text
Browse files Browse the repository at this point in the history
It is significant attack surface.  ICU is used to implement the needed
checks.
  • Loading branch information
DemiMarie committed Jan 31, 2023
1 parent e685bf3 commit 828c509
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 5 deletions.
4 changes: 2 additions & 2 deletions archlinux/PKGBUILD
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ arch=("x86_64")
url="http://qubes-os.org/"
license=('GPL')
groups=()
makedepends=(gcc make pkgconfig 'python-setuptools' qubes-vm-xen qubes-libvchan-xen)
makedepends=(gcc make pkgconfig 'python-setuptools' qubes-vm-xen qubes-libvchan-xen icu)
checkdepends=()
optdepends=()
provides=()
Expand All @@ -40,7 +40,7 @@ make all
}

package_qubes-vm-utils() {
depends=(graphicsmagick python-cairo python-pillow python-numpy)
depends=(graphicsmagick python-cairo python-pillow python-numpy icu)
install=PKGBUILD-qubes-vm-utils.install

make install "DESTDIR=$pkgdir" LIBDIR=/usr/lib SYSLIBDIR=/usr/lib SBINDIR=/usr/bin
Expand Down
1 change: 1 addition & 0 deletions debian/control
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Build-Depends:
libxen-dev,
pkg-config,
python3-setuptools,
libicu-dev
Standards-Version: 4.4.0.1
Homepage: https://www.qubes-os.org
Vcs-Git: https://github.com/QubesOS/qubes-linux-utils.git
Expand Down
3 changes: 2 additions & 1 deletion qrexec-lib/Makefile
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
CC=gcc
CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC
CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC $(shell pkg-config --cflags icu-uc)
SO_VER=2
LDFLAGS+=-shared
LDLIBS += $(shell pkg-config --libs icu-uc)
.PHONY: all clean install
objs := ioall.o copy-file.o crc32.o unpack.o pack.o

Expand Down
34 changes: 32 additions & 2 deletions qrexec-lib/unpack.c
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#define _GNU_SOURCE /* For O_NOFOLLOW. */
#define U_HIDE_DEPRECATED_API U_HIDE_DEPRECATED_API
#include <errno.h>
#include <fcntl.h>
#include <sys/time.h>
Expand All @@ -12,6 +13,11 @@
#include <assert.h>
#include <err.h>
#include <inttypes.h>

#include <unicode/uchar.h>
#include <unicode/uscript.h>
#include <unicode/utf.h>

#include "libqubes-rpc-filecopy.h"
#include "ioall.h"
#include "crc32.h"
Expand Down Expand Up @@ -184,7 +190,7 @@ static int validate_utf8_char(const unsigned char *untrusted_c) {
* UTF8-1 = %x20-7F
* UTF8-2 = %xC2-DF UTF8-tail
* UTF8-3 = %xE0 %xA0-BF UTF8-tail / %xE1-EF 2( UTF8-tail )
* UTF8-4 = %xF0 %x90-BF 2( UTF8-tail ) / %xF1-F4 3( UTF8-tail ) /
* UTF8-4 = %xF0 %x90-BF 2( UTF8-tail ) / %xF1-F4 3( UTF8-tail )
* UTF8-tail = %x80-BF
*
* The differences are:
Expand Down Expand Up @@ -239,12 +245,36 @@ static int validate_utf8_char(const unsigned char *untrusted_c) {
code_point = code_point << 6 | (*untrusted_c & 0x3F);
}

/*
* Validate that this is a Unicode codepoint that can be assigned a
* character. This catches surrogates, code points beyond 0x10FFFF, and
* various noncharacters.
*/
if (!(U_IS_UNICODE_CHAR(code_point)))
return 0;

switch (code_point) {
#include "unpack-table.c"
return 0; // Invalid UTF-8 or forbidden codepoint
default:
return total_size;
break;
}

uint32_t s = u_charDirection(code_point);
switch (s) {
case U_WHITE_SPACE_NEUTRAL:
case U_OTHER_NEUTRAL:
case U_EUROPEAN_NUMBER_TERMINATOR:
case U_EUROPEAN_NUMBER_SEPARATOR:
case U_COMMON_NUMBER_SEPARATOR:
case U_EUROPEAN_NUMBER:
case U_LEFT_TO_RIGHT:
break;
default:
/* Not safe */
return 0;
}
return total_size;
}

static size_t validate_path(const char *const untrusted_name, size_t allowed_leading_dotdot)
Expand Down
1 change: 1 addition & 0 deletions rpm_spec/qubes-utils.spec.in
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ Development header and files for qubes-utils
%package libs
Summary: Qubes utils libraries
Release: 1%{?dist}
BuildRequires: pkgconfig(icu-uc)

%description libs
Libraries for qubes-utils
Expand Down

0 comments on commit 828c509

Please sign in to comment.