
Fixed inconsistent firewall address checking

core-admin-client side had less strict rules for hostname than core-admin,
leading to unexpected empty qubesd response. Fixed by copying the logic from core-admin.
Marta Marczykowska-Górecka, 3 years ago
commit 9377addd1e
2 files changed, 5 insertions and 1 deletion
  1. qubesadmin/firewall.py (+5, -0)
  2. qubesadmin/tests/firewall.py (+0, -1)

+ 5 - 0
qubesadmin/firewall.py

@@ -23,6 +23,8 @@
 
 import datetime
 import socket
+import string
+
 
 class RuleOption(object):
     '''Base class for a single rule element'''
@@ -120,6 +122,9 @@ class DstHost(RuleOption):
                 except socket.error:
                     self.type = 'dsthost'
                     self.prefixlen = 0
+                    safe_set = string.ascii_lowercase + string.digits + '-._'
+                    if not all(c in safe_set for c in value):
+                        raise ValueError('Invalid hostname')
         else:
             host, prefixlen = value.split('/', 1)
             prefixlen = int(prefixlen)

+ 0 - 1
qubesadmin/tests/firewall.py

@@ -176,7 +176,6 @@ class TC_02_DstHost(qubesadmin.tests.QubesTestCase):
         with self.assertRaises(ValueError):
             qubesadmin.firewall.DstHost('2001:abcd:efab::3/64')
 
-    @unittest.expectedFailure
     def test_020_invalid_hostname(self):
         with self.assertRaises(ValueError):
             qubesadmin.firewall.DstHost('www  qubes-os.org')
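Review bot: With `@unittest.expectedFailure` removed, `test_020_invalid_hostname` still exercises only one rejected input, `'www  qubes-os.org'`, so the new character check is covered for spaces and nothing else. Consider adding `assertRaises(ValueError)` cases for the other classes of input the allow-list rejects, such as an uppercase letter or a punctuation character outside `-._`, plus a positive case for a valid lowercase hostname so that an over-strict change is caught too.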