Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data pasted from secure clipboard cannot be used on kali linux (and other occasions) #8937

Closed
ptitdoc opened this issue Feb 13, 2024 · 4 comments · Fixed by QubesOS/qubes-gui-agent-linux#210
Closed

Data pasted from secure clipboard cannot be used on kali linux (and other occasions) #8937

ptitdoc opened this issue Feb 13, 2024 · 4 comments · Fixed by QubesOS/qubes-gui-agent-linux#210
Assignees
@DemiMarie
Labels
affects-4.2 This issue affects Qubes OS 4.2. C: gui-virtualization diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue.

Comments

@ptitdoc
Copy link

ptitdoc commented Feb 13, 2024
edited
Loading

How to file a helpful issue

Qubes OS release

4.2.0

Brief summary

On some occasions, data cannot be pasted from another VM using secure paste, especially when doing paste operation on kali linux but the data comes from a Microsoft Window environment.

Steps to reproduce

  1. Data is copied from a remote desktop application (Citrix+Remmina) and copied to the secure clipboard (Ctrl+Shift+C) (a message shows several bytes are copied)
  2. The data can be grabbed in another qube using Ctrl+Shift+V (a message shows data base been pasted)
  3. When actually copying (using middle click or right-click+paste) in a an application, nothing occurs and the following message appears in logs: qubes-gui[977]: Invalid clipboard data from VM

Here is some other tips:

  • This often occurs when doing security copy from a windows environment (through a RDP / Citrix session). My guess is that special characters are copied, or utf16 encoded data is copied.
  • This often occurs when copying multiple lines of text. A single line of text seems to be ok most of the time. Is it due to the usage of \r\n ?
  • This often occurs when doing secure paste inside apps such as scite, kate, chrome.
  • This often paste data on a qube using a debian12 template, but often fail on a qubes using a kali-linux template.
  • This sometime paste data when using middle-click directly inside the terminator app

Expected behavior

The data is pasted even if it contains non printable characters.

Actual behavior

Nothing occurs when pasting the data.
@ptitdoc ptitdoc added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: bug labels Feb 13, 2024
@marmarek
Copy link
Member

The application you are pasting into requested UTF8-encoded string, the data found in the clipboard was invalid UTF8 so it couldn't be pasted. I think your guess about UTF-16 is very likely - that RDP / Citrix copies UTF-16 text, but marks it as UTF-8 (or more likely, qubes-gui agent doesn't notice the format and assume it's UTF-8?).
The relevant code is here:

Can you enable debugging (see qube settings, restart qube after changing it) in the qube you copy from, and then see what gets logged about the time when you copy data?
If that doesn't show anything meaningful, you can also dump secure clipboard content in dom0 (xxd /run/qubes/qubes-clipboard.bin) and post problematic content (but make sure it isn't anything confidential...). That should help find out what is wrong with the content, but we'd still some info from the source qube why conversion failed there.

@ptitdoc
Copy link
Author

ptitdoc commented Feb 14, 2024

Thanks for the tips, it also help me reproducing the issue.

Here is multiline text. I can middle click to paste it in a terminal, but I cannot paste it in scite or chrome (middleclick has no effect and right click paste does not paste any content):
00000000: 4669 7273 7420 6c69 6e65 206f 6620 7465 First line of te 00000010: 7874 0d0a 5365 636f 6e64 206c 696e 6520 xt..Second line 00000020: 6f66 2074 6578 740d 0a41 6e64 2061 2074 of text..And a t 00000030: 6869 7264 206c 696e 6520 6f66 2074 6578 hird line of tex 00000040: 74 t

I can confirm that it works with a single line of text however:
00000000: 4669 7273 7420 6c69 6e65 206f 6620 7465 First line of te 00000010: 7874 xt

Is it possible that the \0x0d character alone is breaking things ?

@ptitdoc
Copy link
Author

ptitdoc commented Feb 14, 2024

Looking at the code, maybe there is something going on there where several special characters are not considered as valid string:
https://github.com/QubesOS/qubes-gui-agent-linux/blob/02c85aba6f2353fb12dad70b7304ed73807c7267/gui-agent/vmside.c#L1108

https://github.com/QubesOS/qubes-gui-agent-linux/blob/02c85aba6f2353fb12dad70b7304ed73807c7267/gui-agent/encoding.c#L116

@andrewdavidwong andrewdavidwong added C: gui-virtualization needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. affects-4.2 This issue affects Qubes OS 4.2. labels Feb 14, 2024
@DemiMarie
Copy link

@ptitdoc you figured it out! When writing the code, I only considered LF (0x0A) and tab (0x09), but I forgot CR (0x0D). The result is that anything with CRLF line endings is blocked, which probably includes lots of stuff coming from Windows. Unix-like systems use LF line endings, which is why this bug did not get caught sooner.

Patch is straightforward, though I do need to decide on whether to allow CR standalone or only when followed by LF. Standalone CR is relatively rare, but it could happen.

FYI, the purpose of all of this filtering is because:

  • Some code might have undefined behavior on invalid UTF-8.
  • Certain control characters can be used to bypass bracketed paste mode in terminals. CR is not one of these characters, IIUC.

@DemiMarie DemiMarie added diagnosed Technical diagnosis has been performed (see issue comments). and removed needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. labels Feb 15, 2024
@DemiMarie DemiMarie self-assigned this Feb 15, 2024
DemiMarie added a commit to DemiMarie/qubes-gui-agent-linux that referenced this issue Mar 5, 2024
@DemiMarie
Allow carriage return in secure clipboard
65dd88a 
Fixes copy & paste of data containing it, such as from Windows.

Fixes: QubesOS/qubes-issues#8937
@DemiMarie DemiMarie mentioned this issue Mar 5, 2024
Merged
@andrewdavidwong andrewdavidwong added the pr submitted A pull request has been submitted for this issue. label Mar 11, 2024
This was referenced Apr 26, 2024
Closed
Closed
@qubesos-bot qubesos-bot mentioned this issue May 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DemiMarie DemiMarie

Labels
affects-4.2 This issue affects Qubes OS 4.2. C: gui-virtualization diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow carriage return in secure clipboard DemiMarie/qubes-gui-agent-linux
4 participants
@marmarek @ptitdoc @DemiMarie @andrewdavidwong