diff options
author | Thomas Haller <thaller@redhat.com> | 2020-04-24 09:31:30 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2020-04-24 10:09:50 +0200 |
commit | cedcea5ee812ce99a62d47b400518401e018bf74 (patch) | |
tree | a5bb689566717fd5150afab435387bef663db734 | |
parent | de2062c08d71fa603448cd3ef260d7ad62896a73 (diff) | |
download | NetworkManager-cedcea5ee812ce99a62d47b400518401e018bf74.tar.gz |
libnm: fix verification of connection:mud-url property
For one, the setters sd_dhcp_client_set_mud_url() and sd_dhcp6_client_set_request_mud_url()
assert that the value honors these settings. So, we must never pass such values to the
function. Also, before calling n_dhcp4_client_probe_config_append_option()
the code doesn't check whether the URL is short enough. That would be
a bug (unless we ensure that the property is valid from the beginning).
In general, it is necessary to strictly validate the parameter.
Also, returning NM_SETTING_VERIFY_NORMALIZABLE_ERROR for a property that does
not get normalized is a bug.
-rw-r--r-- | libnm-core/nm-setting-connection.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/libnm-core/nm-setting-connection.c b/libnm-core/nm-setting-connection.c index caacdf36c5..545dd8168c 100644 --- a/libnm-core/nm-setting-connection.c +++ b/libnm-core/nm-setting-connection.c @@ -16,6 +16,7 @@ #include "nm-setting-bridge.h" #include "nm-setting-team.h" #include "nm-setting-vlan.h" +#include "systemd/nm-sd-utils-shared.h" /** * SECTION:nm-setting-connection @@ -1230,6 +1231,27 @@ after_interface_name: return FALSE; } + if (priv->mud_url) { + if (!priv->mud_url[0]) { + g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("property is empty")); + g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL); + return FALSE; + } + if (strlen (priv->mud_url) > 255) { + g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("DHCP option cannot be longer than 255 characters")); + g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL); + return FALSE; + } + if (!nm_sd_http_url_is_valid (priv->mud_url)) { + g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("MUD URL is not a valid URL")); + g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL); + return FALSE; + } + } + /* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */ if (!priv->uuid) { @@ -1241,13 +1263,6 @@ after_interface_name: return NM_SETTING_VERIFY_NORMALIZABLE_ERROR; } - if (priv->mud_url && !*priv->mud_url) { - g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, - _("property is empty")); - g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL); - return NM_SETTING_VERIFY_NORMALIZABLE_ERROR; - } - if (normerr_base_type) { g_set_error (error, NM_CONNECTION_ERROR, @@ -1493,8 +1508,8 @@ get_property (GObject *object, guint prop_id, case PROP_WAIT_DEVICE_TIMEOUT: g_value_set_int (value, priv->wait_device_timeout); break; - case PROP_MUD_URL: - g_value_set_string (value, nm_setting_connection_get_mud_url(setting)); + case PROP_MUD_URL: + g_value_set_string (value, priv->mud_url); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); |