Qubes/manager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Settings window: do not crash when there is no firewall rule

Browse Source 
When all firewall rules are removed, qubes-vm-settings crashed
trying to check if the last rule accepts or drops all packages.
It is now verifies that there is a last rule.

Also, it is now properly verified that the last rule accept
or drops all packages.

Associated stack trace:

----
line: last_rule = reversed_rules.pop(0)
func: get_firewall_conf
line no.: 227
file: /usr/lib/python3.5/site-packages/qubesmanager/firewall.py
----
line: conf = self.get_firewall_conf(vm)
func: set_vm
line no.: 308
file: /usr/lib/python3.5/site-packages/qubesmanager/firewall.py
----
line: model.set_vm(vm)
func: __init__
line no.: 111
file: /usr/lib/python3.5/site-packages/qubesmanager/settings.py
----
line: settings_window = VMSettingsWindow(vm, qapp, args.tab)
func: main
line no.: 1133
file: /usr/lib/python3.5/site-packages/qubesmanager/settings.py
----
line: load_entry_point('qubesmanager==4.0.17', 'console_scripts', 'qubes-vm-settings')()
func: <module>
line no.: 9
file: /usr/bin/qubes-vm-settings
This commit is contained in:
Peter Gerber 2018-05-11 00:30:20 +00:00
parent 3ec089f827
commit 031ad02ff6
No known key found for this signature in database
GPG Key ID: 07C068AEE44683A1
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
qubesmanager/firewall.py
View File

@ -223,23 +223,24 @@ class QubesFirewallRulesModel(QtCore.QAbstractItemModel):
allow_icmp = False
common_action = None
reversed_rules = list(reversed(vm.firewall.rules))
last_rule = reversed_rules.pop(0)
reversed_rules = reversed(vm.firewall.rules)
last_rule = next(reversed_rules, None)
if last_rule is None:
raise FirewallModifiedOutsideError('At least one rule must exist.')
if last_rule == qubesadmin.firewall.Rule('action=accept') \
or last_rule == qubesadmin.firewall.Rule('action=drop'):
common_action = last_rule.action
else:
FirewallModifiedOutsideError('Last rule must be either '
raise FirewallModifiedOutsideError('Last rule must be either '
'drop all or accept all.')
dns_rule = qubesadmin.firewall.Rule(None,
action='accept', specialtarget='dns')
icmp_rule = qubesadmin.firewall.Rule(None,
action='accept', proto='icmp')
while reversed_rules:
rule = reversed_rules.pop(0)
for rule in reversed_rules:
if rule == dns_rule:
allow_dns = True
continue