diff options
| author | Thomas Haller <thaller@redhat.com> | 2014-08-25 16:21:59 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2014-08-25 16:46:14 +0200 |
| commit | ed20177d27f84dcdad31f17f354d30b02fe30a4c (patch) | |
| tree | 3709ae026b2d24fdd3f80befed1384fbe448b553 | |
| parent | 6de4a548df53e4837f9c3d384713d4be0a162f95 (diff) | |
| download | NetworkManager-ed20177d27f84dcdad31f17f354d30b02fe30a4c.tar.gz | |
core: refactor nm_utils_complete_generic() not to use a dynamic format string
For NMDeviceWifi and NMDeviceWimax, the printf format string for
nm_utils_complete_generic() was created based on ssid/nsp. Since
these input strings are untrusted, this is a serious bug.
Signed-off-by: Thomas Haller <thaller@redhat.com>
| -rw-r--r-- | po/POTFILES.in | 1 | ||||
| -rw-r--r-- | src/NetworkManagerUtils.c | 22 | ||||
| -rw-r--r-- | src/NetworkManagerUtils.h | 2 | ||||
| -rw-r--r-- | src/devices/adsl/nm-device-adsl.c | 2 | ||||
| -rw-r--r-- | src/devices/bluetooth/nm-device-bt.c | 12 | ||||
| -rw-r--r-- | src/devices/nm-device-bond.c | 2 | ||||
| -rw-r--r-- | src/devices/nm-device-bridge.c | 2 | ||||
| -rw-r--r-- | src/devices/nm-device-ethernet.c | 2 | ||||
| -rw-r--r-- | src/devices/nm-device-infiniband.c | 2 | ||||
| -rw-r--r-- | src/devices/nm-device-vlan.c | 2 | ||||
| -rw-r--r-- | src/devices/team/nm-device-team.c | 2 | ||||
| -rw-r--r-- | src/devices/wifi/nm-device-olpc-mesh.c | 2 | ||||
| -rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 6 | ||||
| -rw-r--r-- | src/devices/wimax/nm-device-wimax.c | 5 | ||||
| -rw-r--r-- | src/devices/wwan/nm-modem-broadband.c | 4 | ||||
| -rw-r--r-- | src/nm-manager.c | 2 |
16 files changed, 39 insertions, 31 deletions
diff --git a/po/POTFILES.in b/po/POTFILES.in index 86a0d1834b..2c6c0e3e53 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -102,6 +102,7 @@ libnm/nm-object.c libnm/nm-remote-connection.c libnm/nm-vpn-plugin.c policy/org.freedesktop.NetworkManager.policy.in.in +src/NetworkManagerUtils.c src/main.c src/dhcp-manager/nm-dhcp-dhclient.c src/dhcp-manager/nm-dhcp-dhclient-utils.c diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c index 6f3d8b6635..af566faf8b 100644 --- a/src/NetworkManagerUtils.c +++ b/src/NetworkManagerUtils.c @@ -19,7 +19,10 @@ * Copyright (C) 2005 - 2008 Novell, Inc. */ +#include "config.h" + #include <glib.h> +#include <glib/gi18n.h> #include <errno.h> #include <fcntl.h> #include <string.h> @@ -846,8 +849,8 @@ value_hash_add_object_property (GHashTable *hash, static char * get_new_connection_name (const GSList *existing, - const char *format, - const char *preferred) + const char *preferred, + const char *fallback_prefix) { GSList *names = NULL; const GSList *iter; @@ -855,6 +858,8 @@ get_new_connection_name (const GSList *existing, int i = 0; gboolean preferred_found = FALSE; + g_assert (fallback_prefix); + for (iter = existing; iter; iter = g_slist_next (iter)) { NMConnection *candidate = NM_CONNECTION (iter->data); const char *id; @@ -880,7 +885,12 @@ get_new_connection_name (const GSList *existing, char *temp; gboolean found = FALSE; - temp = g_strdup_printf (format, i); + /* Translators: the first %s is a prefix for the connection id, such + * as "Wired Connection" or "VPN Connection". The %d is a number + * that is combined with the first argument to create a unique + * connection id. */ + temp = g_strdup_printf (C_("connection id fallback", "%s %d"), + fallback_prefix, i); for (iter = names; iter; iter = g_slist_next (iter)) { if (!strcmp (iter->data, temp)) { found = TRUE; @@ -944,14 +954,16 @@ void nm_utils_complete_generic (NMConnection *connection, const char *ctype, const GSList *existing, - const char *format, const char *preferred, + const char *fallback_prefix, gboolean default_enable_ipv6) { NMSettingConnection *s_con; char *id, *uuid; GHashTable *parameters = g_hash_table_new (g_str_hash, g_str_equal); + g_assert (fallback_prefix); + g_hash_table_insert (parameters, NM_CONNECTION_NORMALIZE_PARAM_IP6_CONFIG_METHOD, default_enable_ipv6 ? NM_SETTING_IP6_CONFIG_METHOD_AUTO : NM_SETTING_IP6_CONFIG_METHOD_IGNORE); @@ -970,7 +982,7 @@ nm_utils_complete_generic (NMConnection *connection, /* Add a connection ID if absent */ if (!nm_setting_connection_get_id (s_con)) { - id = get_new_connection_name (existing, format, preferred); + id = get_new_connection_name (existing, preferred, fallback_prefix); g_object_set (G_OBJECT (s_con), NM_SETTING_CONNECTION_ID, id, NULL); g_free (id); } diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h index 8b532b78a6..92dd5ec4e4 100644 --- a/src/NetworkManagerUtils.h +++ b/src/NetworkManagerUtils.h @@ -102,8 +102,8 @@ const char *nm_utils_get_ip_config_method (NMConnection *connection, void nm_utils_complete_generic (NMConnection *connection, const char *ctype, const GSList *existing, - const char *format, const char *preferred, + const char *fallback_prefix, gboolean default_enable_ipv6); char *nm_utils_new_vlan_name (const char *parent_iface, guint32 vlan_id); diff --git a/src/devices/adsl/nm-device-adsl.c b/src/devices/adsl/nm-device-adsl.c index d9f9006e78..7aa84a9dd4 100644 --- a/src/devices/adsl/nm-device-adsl.c +++ b/src/devices/adsl/nm-device-adsl.c @@ -123,8 +123,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_ADSL_SETTING_NAME, existing_connections, - _("ADSL connection %d"), NULL, + _("ADSL connection"), FALSE); /* No IPv6 yet by default */ diff --git a/src/devices/bluetooth/nm-device-bt.c b/src/devices/bluetooth/nm-device-bt.c index 4e4f7354e8..e32814ab6d 100644 --- a/src/devices/bluetooth/nm-device-bt.c +++ b/src/devices/bluetooth/nm-device-bt.c @@ -222,7 +222,7 @@ complete_connection (NMDevice *device, NMSettingCdma *s_cdma; NMSettingSerial *s_serial; NMSettingPpp *s_ppp; - const char *format = NULL, *preferred = NULL; + const char *fallback_prefix = NULL, *preferred = NULL; s_gsm = nm_connection_get_setting_gsm (connection); s_cdma = nm_connection_get_setting_cdma (connection); @@ -271,7 +271,7 @@ complete_connection (NMDevice *device, NM_SETTING_BLUETOOTH_TYPE, NM_SETTING_BLUETOOTH_TYPE_PANU, NULL); - format = _("PAN connection %d"); + fallback_prefix = _("PAN connection"); } else if (is_dun) { /* Make sure the device supports PAN */ if (!(priv->capabilities & NM_BT_CAPABILITY_DUN)) { @@ -296,15 +296,15 @@ complete_connection (NMDevice *device, NULL); if (s_gsm) { - format = _("GSM connection %d"); + fallback_prefix = _("GSM connection"); if (!nm_setting_gsm_get_number (s_gsm)) g_object_set (G_OBJECT (s_gsm), NM_SETTING_GSM_NUMBER, "*99#", NULL); } else if (s_cdma) { - format = _("CDMA connection %d"); + fallback_prefix = _("CDMA connection"); if (!nm_setting_cdma_get_number (s_cdma)) g_object_set (G_OBJECT (s_cdma), NM_SETTING_GSM_NUMBER, "#777", NULL); } else - format = _("DUN connection %d"); + fallback_prefix = _("DUN connection"); } else { g_set_error_literal (error, NM_SETTING_BLUETOOTH_ERROR, @@ -316,8 +316,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_BLUETOOTH_SETTING_NAME, existing_connections, - format, preferred, + fallback_prefix, is_dun ? FALSE : TRUE); /* No IPv6 yet for DUN */ setting_bdaddr = nm_setting_bluetooth_get_bdaddr (s_bt); diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c index f5d1fa082a..4f6fbfadf9 100644 --- a/src/devices/nm-device-bond.c +++ b/src/devices/nm-device-bond.c @@ -136,8 +136,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_BOND_SETTING_NAME, existing_connections, - _("Bond connection %d"), NULL, + _("Bond connection"), TRUE); s_bond = nm_connection_get_setting_bond (connection); diff --git a/src/devices/nm-device-bridge.c b/src/devices/nm-device-bridge.c index bb3b584f7a..0197a95354 100644 --- a/src/devices/nm-device-bridge.c +++ b/src/devices/nm-device-bridge.c @@ -144,8 +144,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_BRIDGE_SETTING_NAME, existing_connections, - _("Bridge connection %d"), NULL, + _("Bridge connection"), TRUE); s_bridge = nm_connection_get_setting_bridge (connection); diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index bc10b1d4f5..44a9d89bbc 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -1446,8 +1446,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, s_pppoe ? NM_SETTING_PPPOE_SETTING_NAME : NM_SETTING_WIRED_SETTING_NAME, existing_connections, - s_pppoe ? _("PPPoE connection %d") : _("Wired connection %d"), NULL, + s_pppoe ? _("PPPoE connection") : _("Wired connection"), s_pppoe ? FALSE : TRUE); /* No IPv6 by default yet for PPPoE */ s_wired = nm_connection_get_setting_wired (connection); diff --git a/src/devices/nm-device-infiniband.c b/src/devices/nm-device-infiniband.c index 05329f3363..d35c4f21b8 100644 --- a/src/devices/nm-device-infiniband.c +++ b/src/devices/nm-device-infiniband.c @@ -230,8 +230,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_INFINIBAND_SETTING_NAME, existing_connections, - _("InfiniBand connection %d"), NULL, + _("InfiniBand connection"), TRUE); s_infiniband = nm_connection_get_setting_infiniband (connection); diff --git a/src/devices/nm-device-vlan.c b/src/devices/nm-device-vlan.c index 65596ae847..d2d2e9ad69 100644 --- a/src/devices/nm-device-vlan.c +++ b/src/devices/nm-device-vlan.c @@ -226,8 +226,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_VLAN_SETTING_NAME, existing_connections, - _("VLAN connection %d"), NULL, + _("VLAN connection"), TRUE); s_vlan = nm_connection_get_setting_vlan (connection); diff --git a/src/devices/team/nm-device-team.c b/src/devices/team/nm-device-team.c index 40e3a47873..d454c70871 100644 --- a/src/devices/team/nm-device-team.c +++ b/src/devices/team/nm-device-team.c @@ -147,8 +147,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_TEAM_SETTING_NAME, existing_connections, - _("Team connection %d"), NULL, + _("Team connection"), TRUE); s_team = nm_connection_get_setting_team (connection); diff --git a/src/devices/wifi/nm-device-olpc-mesh.c b/src/devices/wifi/nm-device-olpc-mesh.c index 6113895496..fea6aa5c4c 100644 --- a/src/devices/wifi/nm-device-olpc-mesh.c +++ b/src/devices/wifi/nm-device-olpc-mesh.c @@ -162,8 +162,8 @@ complete_connection (NMDevice *device, nm_utils_complete_generic (connection, NM_SETTING_OLPC_MESH_SETTING_NAME, existing_connections, - _("Mesh %d"), NULL, + _("Mesh"), FALSE); /* No IPv6 by default */ return TRUE; diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index 58ff2ab306..8741569951 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -981,7 +981,7 @@ complete_connection (NMDevice *device, NMSettingWirelessSecurity *s_wsec; NMSetting8021x *s_8021x; const GByteArray *setting_mac; - char *format, *str_ssid = NULL; + char *str_ssid = NULL; NMAccessPoint *ap = NULL; const GByteArray *ssid = NULL; GSList *iter; @@ -1103,16 +1103,14 @@ complete_connection (NMDevice *device, g_assert (ssid); str_ssid = nm_utils_ssid_to_utf8 (ssid); - format = g_strdup_printf ("%s %%d", str_ssid); nm_utils_complete_generic (connection, NM_SETTING_WIRELESS_SETTING_NAME, existing_connections, - format, + str_ssid, str_ssid, TRUE); g_free (str_ssid); - g_free (format); if (hidden) g_object_set (s_wifi, NM_SETTING_WIRELESS_HIDDEN, TRUE, NULL); diff --git a/src/devices/wimax/nm-device-wimax.c b/src/devices/wimax/nm-device-wimax.c index fad1bb5401..ddc501b3c9 100644 --- a/src/devices/wimax/nm-device-wimax.c +++ b/src/devices/wimax/nm-device-wimax.c @@ -373,7 +373,6 @@ complete_connection (NMDevice *device, NMSettingWimax *s_wimax; const GByteArray *setting_mac; const char *hw_address; - char *format; const char *nsp_name = NULL; NMWimaxNsp *nsp = NULL; GSList *iter; @@ -438,14 +437,12 @@ complete_connection (NMDevice *device, } g_assert (nsp_name); - format = g_strdup_printf ("%s %%d", nsp_name); nm_utils_complete_generic (connection, NM_SETTING_WIMAX_SETTING_NAME, existing_connections, - format, + nsp_name, nsp_name, TRUE); - g_free (format); g_object_set (G_OBJECT (s_wimax), NM_SETTING_WIMAX_NETWORK_NAME, nsp_name, NULL); setting_mac = nm_setting_wimax_get_mac_address (s_wimax); diff --git a/src/devices/wwan/nm-modem-broadband.c b/src/devices/wwan/nm-modem-broadband.c index bdabc76815..37426c7177 100644 --- a/src/devices/wwan/nm-modem-broadband.c +++ b/src/devices/wwan/nm-modem-broadband.c @@ -479,8 +479,8 @@ complete_connection (NMModem *_self, nm_utils_complete_generic (connection, NM_SETTING_GSM_SETTING_NAME, existing_connections, - _("GSM connection %d"), NULL, + _("GSM connection"), FALSE); /* No IPv6 yet by default */ return TRUE; @@ -501,8 +501,8 @@ complete_connection (NMModem *_self, nm_utils_complete_generic (connection, NM_SETTING_CDMA_SETTING_NAME, existing_connections, - _("CDMA connection %d"), NULL, + _("CDMA connection"), FALSE); /* No IPv6 yet by default */ return TRUE; diff --git a/src/nm-manager.c b/src/nm-manager.c index 80291bed5c..fd7d071456 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -3435,8 +3435,8 @@ impl_manager_add_and_activate_connection (NMManager *self, nm_utils_complete_generic (connection, NM_SETTING_VPN_SETTING_NAME, all_connections, - _("VPN connection %d"), NULL, + _("VPN connection"), FALSE); /* No IPv6 by default for now */ } else { /* Let each device subclass complete the connection */ |