From d6bce4dec598b705e36c55f2651cc2aacf152d97 Mon Sep 17 00:00:00 2001
From: deeplow <deeplower@protonmail.com>
Date: Mon, 21 Aug 2023 19:25:55 +0100
Subject: [PATCH] Qubes: close qrexec stdin and stout

Ensure a server cannon keep the client hannging if more data than
necessary is sent. This applies to container and the Qubes
implmentation.
---
 dangerzone/isolation_provider/qubes.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dangerzone/isolation_provider/qubes.py b/dangerzone/isolation_provider/qubes.py
index 8ed9b5e..b4764d1 100644
--- a/dangerzone/isolation_provider/qubes.py
+++ b/dangerzone/isolation_provider/qubes.py
@@ -46,6 +46,7 @@ def read_debug_text(p: subprocess.Popen) -> str:
     """Read arbitrarily long text (for debug purposes)"""
     if p.stderr:
         untrusted_text = p.stderr.read(MAX_CONVERSION_LOG_CHARS)
+        p.stderr.close()
         return untrusted_text.decode("ascii", errors="replace")
     else:
         return ""
@@ -135,6 +136,9 @@ class Qubes(IsolationProvider):
                 text = f"Converting page {page}/{n_pages} to pixels"
                 self.print_progress_trusted(document, False, text, percentage)
 
+        # Ensure nothing else is read after all bitmaps are obtained
+        p.stdout.close()  # type: ignore [union-attr]
+
         # TODO handle leftover code input
         text = "Converted document to pixels"
         self.print_progress_trusted(document, False, text, percentage)