libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)

OpenVPN uses a trick to override default route by adding these two routes: 0.0.0.0/1 and 128.0.0.0/1. We should allow this and only refuse real default route (i.e. prefix == 0). Also verify IPv6 addresses and routes. See: man openvpn (search for def1) https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway https://bugzilla.redhat.com/show_bug.cgi?id=1203904
author: Jiří Klimeš <jklimes@redhat.com> 2015-03-20 14:02:19 +0100
committer: Jiří Klimeš <jklimes@redhat.com> 2015-03-24 12:19:17 +0100
commit: ba35c63db60aa652528e492aa483c971b9217f1e (patch)
tree: d24066693ee7268b4077c2fb662a435adbd31290 /libnm-util/nm-setting-ip6-config.c
parent: 99df201a0cca6a9bddfbcf7434597a2f0123b196 (diff)
download: NetworkManager-ba35c63db60aa652528e492aa483c971b9217f1e.tar.gz
1 files changed, 44 insertions, 0 deletions
diff --git a/libnm-util/nm-setting-ip6-config.c b/libnm-util/nm-setting-ip6-config.c
index 654f04962a..4e69a0727c 100644
--- a/libnm-util/nm-setting-ip6-config.c
+++ b/libnm-util/nm-setting-ip6-config.c
@@ -825,6 +825,8 @@ static gboolean
 verify (NMSetting *setting, GSList *all_settings, GError **error)
 {
 	NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
+	GSList *iter;
+	int i;
 
 	if (!priv->method) {
 		g_set_error_literal (error,
@@ -899,6 +901,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
 		return FALSE;
 	}
 
+	/* Validate addresses */
+	for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) {
+		NMIP6Address *addr = (NMIP6Address *) iter->data;
+		guint32 prefix = nm_ip6_address_get_prefix (addr);
+
+		if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) {
+			g_set_error (error,
+			             NM_SETTING_IP6_CONFIG_ERROR,
+			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
+			             _("%d. IPv6 address is invalid"),
+			             i+1);
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
+			return FALSE;
+		}
+
+		if (!prefix || prefix > 128) {
+			g_set_error (error,
+			             NM_SETTING_IP6_CONFIG_ERROR,
+			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
+			             _("%d. IPv6 address has invalid prefix"),
+			             i+1);
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
+			return FALSE;
+		}
+	}
+
+	/* Validate routes */
+	for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) {
+		NMIP6Route *route = (NMIP6Route *) iter->data;
+		guint32 prefix = nm_ip6_route_get_prefix (route);
+
+		if (!prefix || prefix > 128) {
+			g_set_error (error,
+			             NM_SETTING_IP6_CONFIG_ERROR,
+			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
+			             _("%d. route has invalid prefix"),
+			             i+1);
+			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES);
+			return FALSE;
+		}
+	}
+
 	return TRUE;
 }
author	Jiří Klimeš <jklimes@redhat.com>	2015-03-20 14:02:19 +0100
committer	Jiří Klimeš <jklimes@redhat.com>	2015-03-24 12:19:17 +0100
commit	ba35c63db60aa652528e492aa483c971b9217f1e (patch)
tree	d24066693ee7268b4077c2fb662a435adbd31290 /libnm-util/nm-setting-ip6-config.c
parent	99df201a0cca6a9bddfbcf7434597a2f0123b196 (diff)
download	NetworkManager-ba35c63db60aa652528e492aa483c971b9217f1e.tar.gz