Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy
Otherwise, having a policy like <?xml version="1.0" encoding="utf-8"?> <policy priority="100" target="ACCEPT"> <ingress-zone name="FedoraServer"/> <egress-zone name="external"/> <tcp-mss-clamp/> </policy> results in a crash: Aug 08 14:22:27 7291245c7ebc firewalld[58363]: Traceback (most recent call last): File "/usr/lib/python3.11/site-packages/firewall/server/decorators.py", line 64, in _impl return func(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/firewall/server/firewalld.py", line 320, in reload self.fw.reload() File "/usr/lib/python3.11/site-packages/firewall/core/fw.py", line 1127, in reload check_on_disk_config(self) File "/usr/lib/python3.11/site-packages/firewall/core/io/functions.py", line 90, in check_on_disk_config obj = readers[reader]["reader"](file, _dir) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/firewall/core/io/policy.py", line 1073, in policy_reader parser.parse(source) File "/usr/lib64/python3.11/xml/sax/expatreader.py", line 111, in parse xmlreader.IncrementalParser.parse(self, source) File "/usr/lib64/python3.11/xml/sax/xmlreader.py", line 125, in parse self.feed(buffer) File "/usr/lib64/python3.11/xml/sax/expatreader.py", line 217, in feed self._parser.Parse(data, isFinal) File "/builddir/build/BUILD/Python-3.11.4/Modules/pyexpat.c", line 416, in StartElement File "/usr/lib64/python3.11/xml/sax/expatreader.py", line 333, in start_element self._cont_handler.startElement(name, AttributesImpl(attrs)) File "/usr/lib/python3.11/site-packages/firewall/core/io/policy.py", line 991, in startElement if common_startElement(self, name, attrs): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/firewall/core/io/policy.py", line 114, in common_startElement attrs["value"]) ~~~~~^^^^^^^^^ File "/usr/lib64/python3.11/xml/sax/xmlreader.py", line 318, in __getitem__ return self._attrs[name] ~~~~~~~~~~~^^^^^^ KeyError: 'value' Aug 08 14:22:29 7291245c7ebc firewalld[58363]: DEBUG1: Loading policy file '/usr/lib/firewalld/policies/allow-host-ipv6.xml' Aug 08 14:22:29 7291245c7ebc firewalld[58363]: ERROR: Failed to load policy file 'allow-host-ipv6.xml': 'value' https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/message/7J423T2P5R3Y6ASNCN4HDPVHZUVHSYGD/ Fixes: 3f93937 ('docs(rich): update docs to support tcp-mss-clamp') (cherry picked from commit 0f31187)
- Loading branch information