libnm: fix crash in nm_ip_routing_rule_from_string()

    import gi
    gi.require_version("NM", "1.0")
    from gi.repository import NM

    r = NM.IPRoutingRule.from_string('priority 10 type blackhole', NM.IPRoutingRuleAsStringFlags.AF_INET)
    r.to_string(NM.IPRoutingRuleAsStringFlags.NONE)

    r = NM.IPRoutingRule.from_string('priority 10 blackhole', NM.IPRoutingRuleAsStringFlags.AF_INET)
    r.to_string(NM.IPRoutingRuleAsStringFlags.NONE)

    r= NM.IPRoutingRule.from_string('priority 10 bogus', NM.IPRoutingRuleAsStringFlags.AF_INET)
    # CRASH

Fixes: e922404990c9 ('libnm,core: support "prohibit"/"blackhole"/"unreachable" type routing rules')
(cherry picked from commit 668c90dbb855600ccd914768a2498f9cf01308b1)

2 files changed, 19 insertions, 4 deletions

diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c
index ecb880e95d..ef5dcb1b20 100644
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@@ -3522,14 +3522,11 @@ nm_ip_routing_rule_from_string(const char *                 str,
         }
 
         if (i_action < 0) {
-            i_action = nm_net_aux_rtnl_rtntype_a2n(word1);
+            i_action = nm_net_aux_rtnl_rtntype_a2n(word0);
             if (i_action >= 0)
                 goto next_words_consumed;
         }
 
-        /* also the action is still unsupported. For the moment, we only support
-         * FR_ACT_TO_TBL, which is the default (by not expressing it on the command
-         * line). */
         g_set_error(error,
                     NM_CONNECTION_ERROR,
                     NM_CONNECTION_ERROR_FAILED,
diff --git a/src/libnm-core-impl/tests/test-setting.c b/src/libnm-core-impl/tests/test-setting.c
index e87d11721b..6b65e98d26 100644
--- a/src/libnm-core-impl/tests/test-setting.c
+++ b/src/libnm-core-impl/tests/test-setting.c
@@ -4048,6 +4048,7 @@ test_routing_rule(gconstpointer test_data)
     nm_auto_unref_ip_routing_rule NMIPRoutingRule *rr1 = NULL;
     gboolean                                       success;
     char                                           ifname_buf[16];
+    gs_free_error GError *error = NULL;
 
     _rr_from_str("priority 5 from 0.0.0.0 table 1", "  from 0.0.0.0  priority  5 lookup 1 ");
     _rr_from_str("priority 5 from 0.0.0.0/0 table 4");
@@ -4077,6 +4078,7 @@ test_routing_rule(gconstpointer test_data)
                  "priority 5 to 0.0.0.0 not dport 10-133 not table 6",
                  "priority 5 to 0.0.0.0 not dport 10-\\ 133 not table 6");
     _rr_from_str("priority 5 to 0.0.0.0 ipproto 10 sport 10 table 6");
+    _rr_from_str("priority 5 to 0.0.0.0 type blackhole", "priority 5 to 0.0.0.0 blackhole");
 
     rr1 = _rr_from_str_get("priority 5 from :: iif aab table 25");
     g_assert_cmpstr(nm_ip_routing_rule_get_iifname(rr1), ==, "aab");
@@ -4125,6 +4127,22 @@ test_routing_rule(gconstpointer test_data)
     g_assert_cmpstr(ifname_buf, ==, "a\303\261,x;b");
     g_assert(success);
     nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+
+    rr1 = nm_ip_routing_rule_from_string("priority   6 blackhole",
+                                         NM_IP_ROUTING_RULE_AS_STRING_FLAGS_AF_INET,
+                                         NULL,
+                                         &error);
+    nmtst_assert_success(rr1, error);
+    nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+    nm_clear_error(&error);
+
+    rr1 = nm_ip_routing_rule_from_string("priority   6 bogus",
+                                         NM_IP_ROUTING_RULE_AS_STRING_FLAGS_AF_INET,
+                                         NULL,
+                                         &error);
+    nmtst_assert_no_success(rr1, error);
+    nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+    nm_clear_error(&error);
 }
 
 /*****************************************************************************/