From 9377addd1e2d2a5543419edc5146f35dd995a03a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marta=20Marczykowska-G=C3=B3recka?=
 <marta.maria.gorecka@gmail.com>
Date: Tue, 14 Jul 2020 19:51:59 +0200
Subject: [PATCH] Fixed inconsistent firewall address checking

core-admin-client side had less strict rules for hostname than core-admin,
leading to unexpected empty qubesd response. Fixed by copying the logic from core-admin.
---
 qubesadmin/firewall.py       | 5 +++++
 qubesadmin/tests/firewall.py | 1 -
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/qubesadmin/firewall.py b/qubesadmin/firewall.py
index b103cf1..45f08b1 100644
--- a/qubesadmin/firewall.py
+++ b/qubesadmin/firewall.py
@@ -23,6 +23,8 @@
 
 import datetime
 import socket
+import string
+
 
 class RuleOption(object):
     '''Base class for a single rule element'''
@@ -120,6 +122,9 @@ class DstHost(RuleOption):
                 except socket.error:
                     self.type = 'dsthost'
                     self.prefixlen = 0
+                    safe_set = string.ascii_lowercase + string.digits + '-._'
+                    if not all(c in safe_set for c in value):
+                        raise ValueError('Invalid hostname')
         else:
             host, prefixlen = value.split('/', 1)
             prefixlen = int(prefixlen)
diff --git a/qubesadmin/tests/firewall.py b/qubesadmin/tests/firewall.py
index 75d7e5f..9da7bfa 100644
--- a/qubesadmin/tests/firewall.py
+++ b/qubesadmin/tests/firewall.py
@@ -176,7 +176,6 @@ class TC_02_DstHost(qubesadmin.tests.QubesTestCase):
         with self.assertRaises(ValueError):
             qubesadmin.firewall.DstHost('2001:abcd:efab::3/64')
 
-    @unittest.expectedFailure
     def test_020_invalid_hostname(self):
         with self.assertRaises(ValueError):
             qubesadmin.firewall.DstHost('www  qubes-os.org')