authorFlorian Westphal <fw@strlen.de>2020-06-24 11:55:14 +0200
committerFlorian Westphal <fw@strlen.de>2020-12-16 00:35:56 +0100
commit47ed20e1e08d800e722b05a3fb33ba6be4b48afc (patch)
tree7bb43b776909f5f66e06c41e2c7ba07d506da14d /src/shared/firewall-util.c
parent937e305e9305a9104cfb1362f318d9df5943b8a5 (diff)
firewall-util: reject NULL source or address with prefixlen 0
Make sure we don't add masquerading rules without an explicitly specified network range we should be masquerading for. The only caller aside from test case is networkd-address.c which never passes a NULL source. As it also passes the network prefix, that should always be > 0 as well. This causes expected test failure: Failed to modify firewall: Invalid argument Failed to modify firewall: Invalid argument Failed to modify firewall: Invalid argument Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available Failed to modify firewall: Protocol not available The failing test cases are amended to expect failure on NULL source or prefix instead of success.
Diffstat (limited to 'src/shared/firewall-util.c')
-rw-r--r--src/shared/firewall-util.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index 974803903d..df020ba7a2 100644
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -98,6 +98,9 @@ int fw_add_masquerade(
if (af != AF_INET)
return -EOPNOTSUPP;
+ if (!source || source_prefixlen == 0)
+ return -EINVAL;
+
h = iptc_init("nat");
if (!h)
return -errno;
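Review bot: The new guard in fw_add_masquerade() checks only the lower bound of source_prefixlen, so a value above 32 still passes on this AF_INET-only path. Whether later code rejects it is not visible in this hunk, so consider validating both ends here: `if (!source || source_prefixlen == 0 || source_prefixlen > 32) return -EINVAL;`. A short comment above the check, such as `/* Never masquerade for an unspecified or all-encompassing source range. */`, would also tell future readers that this refusal is a deliberate safety measure. The function's signature and the rest of its body lie outside the hunk.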