Qubes/core-admin-client
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed inconsistent firewall address checking

Browse Source 
core-admin-client side had less strict rules for hostname than core-admin,
leading to unexpected empty qubesd response. Fixed by copying the logic from core-admin.
This commit is contained in:
Marta Marczykowska-Górecka 2020-07-14 19:51:59 +02:00
parent 1a4cdba7f7
commit 9377addd1e
No known key found for this signature in database
GPG Key ID: 9A752C30B26FD04B
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
qubesadmin/firewall.py
View File

@ -23,6 +23,8 @@
import datetime import datetime
import socket import socket
import string
class RuleOption(object): class RuleOption(object):
'''Base class for a single rule element''' '''Base class for a single rule element'''
@ -120,6 +122,9 @@ class DstHost(RuleOption):
except socket.error: except socket.error:
self.type = 'dsthost' self.type = 'dsthost'
self.prefixlen = 0 self.prefixlen = 0
safe_set = string.ascii_lowercase + string.digits + '-._'
if not all(c in safe_set for c in value):
raise ValueError('Invalid hostname')
else: else:
host, prefixlen = value.split('/', 1) host, prefixlen = value.split('/', 1)
prefixlen = int(prefixlen) prefixlen = int(prefixlen)

1
qubesadmin/tests/firewall.py
View File

@ -176,7 +176,6 @@ class TC_02_DstHost(qubesadmin.tests.QubesTestCase):
with self.assertRaises(ValueError): with self.assertRaises(ValueError):
qubesadmin.firewall.DstHost('2001:abcd:efab::3/64') qubesadmin.firewall.DstHost('2001:abcd:efab::3/64')
@unittest.expectedFailure
def test_020_invalid_hostname(self): def test_020_invalid_hostname(self):
with self.assertRaises(ValueError): with self.assertRaises(ValueError):
qubesadmin.firewall.DstHost('www qubes-os.org') qubesadmin.firewall.DstHost('www qubes-os.org')