diff options
author | Jiří Klimeš <jklimes@redhat.com> | 2015-03-20 14:02:19 +0100 |
---|---|---|
committer | Jiří Klimeš <jklimes@redhat.com> | 2015-03-24 12:19:17 +0100 |
commit | ba35c63db60aa652528e492aa483c971b9217f1e (patch) | |
tree | d24066693ee7268b4077c2fb662a435adbd31290 /libnm-util/nm-setting-ip6-config.c | |
parent | 99df201a0cca6a9bddfbcf7434597a2f0123b196 (diff) | |
download | NetworkManager-ba35c63db60aa652528e492aa483c971b9217f1e.tar.gz |
libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)
OpenVPN uses a trick to override default route by adding these two routes:
0.0.0.0/1 and 128.0.0.0/1.
We should allow this and only refuse real default route (i.e. prefix == 0).
Also verify IPv6 addresses and routes.
See:
man openvpn (search for def1)
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
https://bugzilla.redhat.com/show_bug.cgi?id=1203904
Diffstat (limited to 'libnm-util/nm-setting-ip6-config.c')
-rw-r--r-- | libnm-util/nm-setting-ip6-config.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/libnm-util/nm-setting-ip6-config.c b/libnm-util/nm-setting-ip6-config.c index 654f04962a..4e69a0727c 100644 --- a/libnm-util/nm-setting-ip6-config.c +++ b/libnm-util/nm-setting-ip6-config.c @@ -825,6 +825,8 @@ static gboolean verify (NMSetting *setting, GSList *all_settings, GError **error) { NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting); + GSList *iter; + int i; if (!priv->method) { g_set_error_literal (error, @@ -899,6 +901,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error) return FALSE; } + /* Validate addresses */ + for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) { + NMIP6Address *addr = (NMIP6Address *) iter->data; + guint32 prefix = nm_ip6_address_get_prefix (addr); + + if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) { + g_set_error (error, + NM_SETTING_IP6_CONFIG_ERROR, + NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY, + _("%d. IPv6 address is invalid"), + i+1); + g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES); + return FALSE; + } + + if (!prefix || prefix > 128) { + g_set_error (error, + NM_SETTING_IP6_CONFIG_ERROR, + NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY, + _("%d. IPv6 address has invalid prefix"), + i+1); + g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES); + return FALSE; + } + } + + /* Validate routes */ + for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) { + NMIP6Route *route = (NMIP6Route *) iter->data; + guint32 prefix = nm_ip6_route_get_prefix (route); + + if (!prefix || prefix > 128) { + g_set_error (error, + NM_SETTING_IP6_CONFIG_ERROR, + NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY, + _("%d. route has invalid prefix"), + i+1); + g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES); + return FALSE; + } + } + return TRUE; } |