firewalld can be crashed via DBus #985

@evverx

How to reproduce it (as minimally and precisely as possible):

gdbus call --system --dest org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.freedesktop.DBus.Properties.Set IPAddressDeny IPAddressDeny '<(handle 277008498,)>'

Anything else we need to know?:

                #0  0x00007f3d122baaec __pthread_kill_implementation (libc.so.6 + 0xa1aec)
                #1  0x00007f3d1226e2a6 raise (libc.so.6 + 0x552a6)
                #2  0x00007f3d122417f3 abort (libc.so.6 + 0x287f3)
                #3  0x00007f3d1224171b __assert_fail_base.cold (libc.so.6 + 0x2871b)
                #4  0x00007f3d122671f6 __assert_fail (libc.so.6 + 0x4e1f6)
                #5  0x00007f3d11e9d080 UnixFd_tp_new (_dbus_bindings.so + 0xe080)
                #6  0x00007f3d1253c43d type_call (libpython3.10.so.1.0 + 0x11b43d)
                #7  0x00007f3d12548628 _PyObject_Call (libpython3.10.so.1.0 + 0x127628)
                #8  0x00007f3d11ea14d3 _message_iter_get_pyobject (_dbus_bindings.so + 0x124d3)
                #9  0x00007f3d11ea1b2e _message_iter_append_all_to_list (_dbus_bindings.so + 0x12b2e)
                #10 0x00007f3d11ea1251 _message_iter_get_pyobject (_dbus_bindings.so + 0x12251)
                #11 0x00007f3d11ea13df _message_iter_get_pyobject (_dbus_bindings.so + 0x123df)
                #12 0x00007f3d11ea18d4 _message_iter_get_pyobject (_dbus_bindings.so + 0x128d4)
                #13 0x00007f3d11ea1b2e _message_iter_append_all_to_list (_dbus_bindings.so + 0x12b2e)
                #14 0x00007f3d11ea295e dbus_py_Message_get_args_list (_dbus_bindings.so + 0x1395e)
                #15 0x00007f3d125400c2 cfunction_call (libpython3.10.so.1.0 + 0x11f0c2)
                #16 0x00007f3d12548628 _PyObject_Call (libpython3.10.so.1.0 + 0x127628)
                #17 0x00007f3d12539936 _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x118936)
                #18 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #19 0x00007f3d1254826e method_vectorcall (libpython3.10.so.1.0 + 0x12726e)
                #20 0x00007f3d1252d966 _PyObject_VectorcallTstate.lto_priv.5 (libpython3.10.so.1.0 + 0x10c966)
                #21 0x00007f3d125af697 object_vacall (libpython3.10.so.1.0 + 0x18e697)
                #22 0x00007f3d125af571 PyObject_CallFunctionObjArgs (libpython3.10.so.1.0 + 0x18e571)
                #23 0x00007f3d11e9997b DBusPyConnection_HandleMessage (_dbus_bindings.so + 0xa97b)
                #24 0x00007f3d11e9f8b1 _object_path_message (_dbus_bindings.so + 0x108b1)
                #25 0x00007f3d11e584a9 dbus_connection_dispatch (libdbus-1.so.3 + 0x1b4a9)
                #26 0x00007f3d10fa7b59 message_queue_dispatch (_dbus_glib_bindings.so + 0x2b59)
                #27 0x00007f3d1155c0af g_main_context_dispatch (libglib-2.0.so.0 + 0x550af)
                #28 0x00007f3d115b1308 g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa308)
                #29 0x00007f3d1155b7c3 g_main_loop_run (libglib-2.0.so.0 + 0x547c3)
                #30 0x00007f3d11482c04 ffi_call_unix64 (libffi.so.6 + 0x6c04)
                #31 0x00007f3d11482108 ffi_call (libffi.so.6 + 0x6108)
                #32 0x00007f3d1166fe1b pygi_invoke_c_callable (_gi.cpython-310-x86_64-linux-gnu.so + 0x2de1b)
                #33 0x00007f3d1166e8d6 _wrap_g_callable_info_invoke (_gi.cpython-310-x86_64-linux-gnu.so + 0x2c8d6)
                #34 0x00007f3d116635ce _callable_info_call (_gi.cpython-310-x86_64-linux-gnu.so + 0x215ce)
                #35 0x00007f3d1253c2b4 _PyObject_MakeTpCall (libpython3.10.so.1.0 + 0x11b2b4)
                #36 0x00007f3d1253907e _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x11807e)
                #37 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #38 0x00007f3d12533640 _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x112640)
                #39 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #40 0x00007f3d12538456 _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x117456)
                #41 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #42 0x00007f3d125331c9 _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x1121c9)
                #43 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #44 0x00007f3d125331c9 _PyEval_EvalFrameDefault (libpython3.10.so.1.0 + 0x1121c9)
                #45 0x00007f3d12532000 _PyEval_Vector (libpython3.10.so.1.0 + 0x111000)
                #46 0x00007f3d125ad924 PyEval_EvalCode (libpython3.10.so.1.0 + 0x18c924)
                #47 0x00007f3d125e0144 run_eval_code_obj (libpython3.10.so.1.0 + 0x1bf144)
                #48 0x00007f3d125db296 run_mod (libpython3.10.so.1.0 + 0x1ba296)
                #49 0x00007f3d124ac9a9 pyrun_file.cold (libpython3.10.so.1.0 + 0x8b9a9)
                #50 0x00007f3d125d5562 _PyRun_SimpleFileObject (libpython3.10.so.1.0 + 0x1b4562)
                #51 0x00007f3d125d5317 _PyRun_AnyFileObject (libpython3.10.so.1.0 + 0x1b4317)
                #52 0x00007f3d125d2504 Py_RunMain (libpython3.10.so.1.0 + 0x1b1504)
                #53 0x00007f3d1259eb8d Py_BytesMain (libpython3.10.so.1.0 + 0x17db8d)
                #54 0x00007f3d12259440 __libc_start_call_main (libc.so.6 + 0x40440)
                #55 0x00007f3d122594f0 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x404f0)
                #56 0x0000559a2f727095 _start (python3.10 + 0x1095)

                Stack trace of thread 154:
                #0  0x00007f3d1235b4df __poll (libc.so.6 + 0x1424df)
                #1  0x00007f3d115b129c g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa29c)
                #2  0x00007f3d115598a3 g_main_context_iteration (libglib-2.0.so.0 + 0x528a3)
                #3  0x00007f3d115598f1 glib_worker_main (libglib-2.0.so.0 + 0x528f1)
                #4  0x00007f3d115867c2 g_thread_proxy (libglib-2.0.so.0 + 0x7f7c2)
                #5  0x00007f3d122b8da2 start_thread (libc.so.6 + 0x9fda2)
                #6  0x00007f3d122589e0 __clone3 (libc.so.6 + 0x3f9e0)

Environment:

  • Firewalld Version (if Fedora based dnf info firewalld or commit hash if developing from git git log -n1 --format=format:"%H"): a6b4762 and firewalld-1.0.4-1.fc35
  • Firewalld Backend (cat /etc/firewalld/firewalld.conf | grep FirewallBackend):
      # FirewallBackend
      FirewallBackend=nftables
  • OS (e.g: cat /etc/os-release): Fedora 35

Labels

  • 3rd party: Third party bug or issue. Not a firewalld bug.
  • high: High priority bug.