Bug#1034568: binascii.Error: Odd-length string when asking the status

2023-05-02 Thread Jamie Strandboge 
On Tue, 02 May 2023, Marek Küthe wrote:

> Hello,
> 
> thank you for the answer.
> 
> I must admit that I was a bit hasty in reporting this error. This error
> occurred when I tried to automate my ufw firewall rules with ansible.
> In doing so, I had unfortunately run several scripts which inserted
> rules - maybe this is the reason? In the meantime I don't have the
> problem anymore and unfortunately I don't know the problematic rule.
> But I also noticed that the same error occurred when I inserted
> firewall rules and watched ufw status "watch -n 0.5 'ufw status
> numbered | wc -l'".

Ok, no worries. I'm glad you aren't seeing the issue anymore. I plan to
upload the mitigation fix to bookworm which will close out this issue.
If you happen to come across this error again, perhaps consider
responding with the additional info.

Thanks again for the report.

-- 
Email: ja...@strandboge.com
IRC:   jdstrand

Bug#1034568: binascii.Error: Odd-length string when asking the status

2023-05-02 Thread Jamie Strandboge 
On Mon, 01 May 2023, Jamie Strandboge wrote:

> Thank you for the report. If you update hex_decode() in
> /usr/lib/python3/dist-packages/ufw/util.py to use this:
> 
> return binascii.unhexlify('%2s' % h).decode("utf-8")
> 
> instead of:
> 
> return binascii.unhexlify(h).decode("utf-8")
> 
> Does it resolve the issue for you?

Don't worry about the above, I have a better mitigation to avoid tracing
back:
https://git.launchpad.net/ufw/commit/?id=a14ab9777cde6308724164f5c42d368d2a823b3a

This will be in the next upload and will allow 'ufw status' to still
work in the face of an odd length hex string which will mitigate the
issue, but not address the underlying cause.

I'd like to better understand how you ended up with an odd length string
in the first place. You gave a reproducer, but can we simplify it a bit?
Can you:

1. backup your firewall with:
  $ sudo ufw disable
  $ sudo /lib/ufw/ufw-init flush-all
  $ sudo cp -a /etc/ufw /etc/ufw.backup
2. reproduce the issue with:
  $ sudo ufw reset(resets to installation defaults)
  $ sudo ufw enable
  $ sudo ufw route ...(I need a single rule that causes the issue)
  $ sudo ufw status   (demonstrates the problem)
  $ sudo cat /etc/ufw/user.rules  (I need this with the problematic rule)
  $ env|grep LC_  (I need this to see if related)
3. restore from backup with:
  $ sudo ufw disable
  $ sudo /lib/ufw/ufw-init flush-all
  $ sudo mv /etc/ufw /etc/ufw.1034568
  $ sudo cp -a /etc/ufw.backup /etc/ufw
  $ sudo ufw enable

When responding, please include the problematic ufw rule,
/etc/ufw/user.rules and the output of 'env|grep LC_'.

Thanks!

-- 
Email: ja...@strandboge.com
IRC:   jdstrand

Bug#1034568: binascii.Error: Odd-length string when asking the status

2023-05-02 Thread Jamie Strandboge 
On Tue, 02 May 2023, Jamie Strandboge wrote:

> Don't worry about the above, I have a better mitigation to avoid tracing
> back:
> https://git.launchpad.net/ufw/commit/?id=a14ab9777cde6308724164f5c42d368d2a823b3a

Sorry, this is the correct commit:
https://git.launchpad.net/ufw/commit/?id=aa26a79dd34ff2c727d7a00132bcaa365da8cd9f

-- 
Email: ja...@strandboge.com
IRC:   jdstrand

Bug#1034568: binascii.Error: Odd-length string when asking the status

2023-05-01 Thread Jamie Strandboge 
Thank you for the report. If you update hex_decode() in
/usr/lib/python3/dist-packages/ufw/util.py to use this:

return binascii.unhexlify('%2s' % h).decode("utf-8")

instead of:

return binascii.unhexlify(h).decode("utf-8")

Does it resolve the issue for you?

-- 
Email: ja...@strandboge.com
IRC:   jdstrand

Bug#1034568: binascii.Error: Odd-length string when asking the status

2023-04-18 Thread Marek Küthe 
Package: ufw
Version: 0.36-7.1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where
appropriate ***

   * What led up to the situation?
Adding a few rules:
ufw route allow in on {{ item }} from fd00::/8 to fd00::/8 comment
 'dnet' ufw route allow in on {{ item }} from 172.20.0.0/14 to
 172.20.0.0/14 comment 'dnet' ufw route allow in on {{ item }} from
 10.0.0.0/8 to 10.0.0.0/8 comment 'dnet' ufw route allow in on {{
 item }} from 10.0.0.0/8 to 172.20.0.0/14 comment 'dnet' ufw route
 allow in on {{ item }} from 172.20.0.0/14 to 10.0.0.0/8 comment
 'dnet' ufw route allow in on {{ item }} from
 2001:db8:dead:beef::/64 to 2001:db8:dead:beef::/64 comment 'dnet'
 ufw route allow in on {{ item }} from 172.24.0.0/16 to
 172.24.0.0/16 comment 'dnet'

and then ufw status
* What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
Traceback (most recent call last):
  File "/usr/sbin/ufw", line 147, in 
res = ui.do_action(pr.action, "", "", pr.force)
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 652, in
do_action res = self.get_status()
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 261, in
get_status out = self.backend.get_status(verbose, show_count)
  File "/usr/lib/python3/dist-packages/ufw/backend_iptables.py", line
419, in get_status comment_str = " # %s" % r.get_comment()
  File "/usr/lib/python3/dist-packages/ufw/common.py", line 372, in
get_comment return ufw.util.hex_decode(self.comment)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 1104, in
hex_decode return binascii.unhexlify(h).decode('utf-8')
binascii.Error: Odd-length string

   * What outcome did you expect instead?

the normal ufw status

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable') Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot
set LC_ALL to default locale: No such file or directory UTF-8),
LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ufw depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  iptables   1.8.7-1
ii  lsb-base   11.1.0
ii  python33.9.2-3
ii  ucf3.0043

ufw recommends no packages.

Versions of packages ufw suggests:
ii  rsyslog  8.2102.0-2+deb11u1

-- Configuration Files:
/etc/default/ufw changed:
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
DEFAULT_APPLICATION_POLICY="SKIP"
MANAGE_BUILTINS=no
IPT_SYSCTL=/etc/ufw/sysctl.conf
IPT_MODULES=""


-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:en",
LC_ALL = (unset),
LC_TIME = "de_DE.UTF-8",
LC_MONETARY = "de_DE.UTF-8",
LC_ADDRESS = "de_DE.UTF-8",
LC_TELEPHONE = "de_DE.UTF-8",
LC_NAME = "de_DE.UTF-8",
LC_MEASUREMENT = "de_DE.UTF-8",
LC_IDENTIFICATION = "de_DE.UTF-8",
LC_NUMERIC = "de_DE.UTF-8",
LC_PAPER = "de_DE.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_US.UTF-8").
locale: Cannot set LC_ALL to default locale: No such file or directory
  ufw/existing_configuration:
  ufw/allow_known_ports:
  ufw/allow_custom_ports:
  ufw/enable: false

-- debsums errors found:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:en",
LC_ALL = (unset),
LC_TIME = "de_DE.UTF-8",
LC_MONETARY = "de_DE.UTF-8",
LC_ADDRESS = "de_DE.UTF-8",
LC_TELEPHONE = "de_DE.UTF-8",
LC_NAME = "de_DE.UTF-8",
LC_MEASUREMENT = "de_DE.UTF-8",
LC_IDENTIFICATION = "de_DE.UTF-8",
LC_NUMERIC = "de_DE.UTF-8",
LC_PAPER = "de_DE.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_US.UTF-8").

-- 
Marek Küthe
m...@mk16.de
er/ihm he/him