Send 1 byte over clipboard max to trigger reject

If vmside clipboard is over the maximum limit, sending one byte over maximum limit should trigger inter-vm clipboard rejection instead of truncation. fixes: QubesOS/qubes-issues#9296
QubesOS · Oct 7, 2024 · 533f47c · 533f47c
1 parent bc2f589
commit 533f47c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/gui-agent/vmside.c b/gui-agent/vmside.c
@@ -980,14 +980,23 @@ static void process_xevent_configure(Ghandles * g, XID window,
     send_pixmap_grant_refs(g, window);
 }
 
-static void send_clipboard_data(libvchan_t *vchan, XID window, char *data, uint32_t len)
+static void send_clipboard_data(libvchan_t *vchan, XID window, char *data, uint32_t len, int protocol_version)
 {
     struct msg_hdr hdr;
     hdr.type = MSG_CLIPBOARD_DATA;
     hdr.window = window;
     if (len > MAX_CLIPBOARD_SIZE)
     {
-        len = MAX_CLIPBOARD_SIZE;
+        if (protocol_version >= QUBES_GUID_MIN_CLIPBOARD_4X) {
+            // xside is capable of receiving (up to) 4X of the previous size.
+            // it is also smarter. send one byte over the Maximum limit.
+            // A simple sign for xside to reject it.
+            len = MAX_CLIPBOARD_SIZE + 1;
+        } else {
+            // The dumb case. Truncate the data to the old size. User will lose
+            // some inter-vm clipboard data without being notified.
+            len = 65000;
+        }
     }
     hdr.untrusted_len = len;
     write_struct(vchan, hdr);
@@ -1052,7 +1061,7 @@ static void process_xevent_selection(Ghandles * g, XSelectionEvent * ev)
                 g->utf8_string_atom, g->qprop,
                 g->stub_win, ev->time);
     else
-        send_clipboard_data(g->vchan, g->stub_win, (char *) data, len);
+        send_clipboard_data(g->vchan, g->stub_win, (char *) data, len, g->protocol_version);
     /* even if the clipboard owner does not support UTF8 and we requested
        XA_STRING, it is fine - ascii is legal UTF8 */
     XFree(data);
@@ -2097,7 +2106,7 @@ static void handle_clipboard_req(Ghandles * g, XID winid)
         fprintf(stderr, "clipboard req, owner=0x%x\n",
                 (int) owner);
     if (owner == None) {
-        send_clipboard_data(g->vchan, winid, NULL, 0);
+        send_clipboard_data(g->vchan, winid, NULL, 0, g->protocol_version);
         return;
     }
     XConvertSelection(g->display, Clp, g->targets, g->qprop, g->stub_win, g->time);

diff --git a/rpm_spec/gui-agent.spec.in b/rpm_spec/gui-agent.spec.in
@@ -71,7 +71,7 @@ BuildRequires:	mesa-libgbm-devel
 %endif
 BuildRequires:	pam-devel
 BuildRequires:	qubes-libvchan-devel
-BuildRequires:	qubes-gui-common-devel >= 4.1.0
+BuildRequires:	qubes-gui-common-devel >= 4.2.6
 BuildRequires:	qubes-db-devel
 BuildRequires:	xen-devel
 BuildRequires:	systemd-rpm-macros