ufw

Improve error reporting when find malformed comment in user.rules

Bug #1709856 reported by Andrew Gallagher on 2017-08-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ufw	Triaged	Wishlist	Unassigned

Bug Description

ufw 0.35 (xenial) but issue appears to be in HEAD also.

When running against a config with a corrupted comment line in /etc/ufw/user.rules, 'ufw status' crashes:

# ufw status
Traceback (most recent call last):
  File "/usr/sbin/ufw", line 137, in <module>
    res = ui.do_action(pr.action, "", "", pr.force)
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 631, in do_action
    res = self.get_status()
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 256, in get_status
    out = self.backend.get_status(verbose, show_count)
  File "/usr/lib/python3/dist-packages/ufw/backend_iptables.py", line 419, in get_status
    comment_str = " # %s" % r.get_comment()
  File "/usr/lib/python3/dist-packages/ufw/common.py", line 343, in get_comment
    return ufw.util.hex_decode(self.comment)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 1066, in hex_decode
    return binascii.unhexlify(h).decode('utf-8')
binascii.Error: Non-hexadecimal digit found

In my case, this was because someone had hand-edited the user.rules file and mangled the comment field.

Since ufw was otherwise functional, it would be better to handle this error gracefully. The simplest method might be to return an error in the displayed comment rather than throwing a fatal exception.

PATCH FOLLOWS
-------------

*** /usr/lib/python3/dist-packages/ufw/util.py.dist 2017-08-10 11:23:21.135971293 +0000
--- /usr/lib/python3/dist-packages/ufw/util.py 2017-08-10 11:09:25.973565437 +0000
*************** def hex_decode(h):
*** 1063,1066 ****
      '''Take a hex string and convert it to a string'''
      if sys.version_info[0] < 3:
          return h.decode(encoding='hex').decode('utf-8')
! return binascii.unhexlify(h).decode('utf-8')
--- 1063,1069 ----
      '''Take a hex string and convert it to a string'''
      if sys.version_info[0] < 3:
          return h.decode(encoding='hex').decode('utf-8')
! try:
! return binascii.unhexlify(h).decode('utf-8')
! except:
! return '<Bad string>'

See original description

Revision history for this message

Andrew Gallagher (andrewg-l) wrote on 2017-08-10:

s/user.conf/user.rules/g

description:

updated

Jamie Strandboge (jdstrand) on 2018-12-13

Changed in ufw:
status:	New → Triaged
importance:	Undecided → Wishlist
importance:	Wishlist → Low

Jamie Strandboge (jdstrand) on 2018-12-14

summary:

- crashes on corrupt comments in config [PATCH]
+ crash with malformed user.rules

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2018-12-14: Re: crash with malformed user.rules

In thinking about this, ufw manages user*rules and it hex_encodes/decodes the comment string. If someone comes in and changes this, ufw *should* error, which you agree with. However, displaying that string to the user in a meaningful way is difficult. Returning '<Bad string>' is definitely prettier, but the question then is 'what string?' and trying to display the bad string is probably a bad idea. We could instead do something like: 'Malformed encoded comment for rule: ...' though.

Changed in ufw:
importance:	Low → Wishlist
summary:	- crash with malformed user.rules + Improve error reporting when find malformed comment in user.rules

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.