libnm: fix verification of connection:mud-url property

For one, the setters sd_dhcp_client_set_mud_url() and sd_dhcp6_client_set_request_mud_url()
assert that the value honors these settings. So, we must never pass such values to the
function. Also, before calling n_dhcp4_client_probe_config_append_option()
the code doesn't check whether the URL is short enough. That would be
a bug (unless we ensure that the property is valid from the beginning).

In general, it is necessary to strictly validate the parameter.

Also, returning NM_SETTING_VERIFY_NORMALIZABLE_ERROR for a property that does
not get normalized is a bug.

1 files changed, 24 insertions, 9 deletions

diff --git a/libnm-core/nm-setting-connection.c b/libnm-core/nm-setting-connection.c
index caacdf36c5..545dd8168c 100644
--- a/libnm-core/nm-setting-connection.c
+++ b/libnm-core/nm-setting-connection.c
@@ -16,6 +16,7 @@
 #include "nm-setting-bridge.h"
 #include "nm-setting-team.h"
 #include "nm-setting-vlan.h"
+#include "systemd/nm-sd-utils-shared.h"
 
 /**
  * SECTION:nm-setting-connection
@@ -1230,6 +1231,27 @@ after_interface_name:
 		return FALSE;
 	}
 
+	if (priv->mud_url) {
+		if (!priv->mud_url[0]) {
+			g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("property is empty"));
+			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
+			return FALSE;
+		}
+		if (strlen (priv->mud_url) > 255) {
+			g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("DHCP option cannot be longer than 255 characters"));
+			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
+			return FALSE;
+		}
+		if (!nm_sd_http_url_is_valid (priv->mud_url)) {
+			g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			                     _("MUD URL is not a valid URL"));
+			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
+			return FALSE;
+		}
+	}
+
 	/* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */
 
 	if (!priv->uuid) {
@@ -1241,13 +1263,6 @@ after_interface_name:
 		return NM_SETTING_VERIFY_NORMALIZABLE_ERROR;
 	}
 
-	if (priv->mud_url && !*priv->mud_url) {
-		g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
-		                     _("property is empty"));
-		g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
-		return NM_SETTING_VERIFY_NORMALIZABLE_ERROR;
-	}
-
 	if (normerr_base_type) {
 		g_set_error (error,
 		             NM_CONNECTION_ERROR,
@@ -1493,8 +1508,8 @@ get_property (GObject *object, guint prop_id,
 	case PROP_WAIT_DEVICE_TIMEOUT:
 		g_value_set_int (value, priv->wait_device_timeout);
 		break;
-        case PROP_MUD_URL:
-		g_value_set_string (value, nm_setting_connection_get_mud_url(setting));
+	case PROP_MUD_URL:
+		g_value_set_string (value, priv->mud_url);
 		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);