fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-20 16:20:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge: branch 'bg/supplicant-blob-size'

Browse source 
supplicant: properly validate blobs

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2334
This commit is contained in:
Beniamino Galvani 2025-12-19 17:09:47 +00:00
commit 18480300c7
2 changed files with 23 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/core/nm-core-utils.c
View file

@ -5163,6 +5163,14 @@ helper_have_data(int fd, GIOCondition condition, gpointer user_data)
n_read = nm_utils_fd_read(fd, &info->in_buffer); n_read = nm_utils_fd_read(fd, &info->in_buffer);
_LOG2T(info, "read returns %ld", (long) n_read); _LOG2T(info, "read returns %ld", (long) n_read);
if (info->in_buffer.len > 32 * 1024 * 1024) {
helper_complete(info,
g_error_new_literal(NM_UTILS_ERROR,
NM_UTILS_ERROR_UNKNOWN,
"the output is larger than 32MiB"));
return G_SOURCE_CONTINUE;
}
if (n_read > 0) if (n_read > 0)
return G_SOURCE_CONTINUE; return G_SOURCE_CONTINUE;

20
src/core/supplicant/nm-supplicant-config.c
View file

@ -206,20 +206,30 @@ nm_supplicant_config_add_blob(NMSupplicantConfig *self,
ConfigOption *old_opt; ConfigOption *old_opt;
ConfigOption *opt; ConfigOption *opt;
NMSupplOptType type; NMSupplOptType type;
const guint8 *data;
gsize data_len; gsize data_len;
gs_free char *full_value = NULL;
g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE); g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE);
g_return_val_if_fail(key != NULL, FALSE); g_return_val_if_fail(key != NULL, FALSE);
g_return_val_if_fail(value != NULL, FALSE); g_return_val_if_fail(value != NULL, FALSE);
g_return_val_if_fail(blobid != NULL, FALSE); g_return_val_if_fail(blobid != NULL, FALSE);
data = g_bytes_get_data(value, &data_len); g_bytes_get_data(value, &data_len);
g_return_val_if_fail(data_len > 0, FALSE); g_return_val_if_fail(data_len > 0, FALSE);
priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE(self); if (data_len > 32 * 1024 * 1024) {
g_set_error(error,
NM_SUPPLICANT_ERROR,
NM_SUPPLICANT_ERROR_CONFIG,
"blob '%s' is larger than 32MiB",
key);
return FALSE;
}
type = nm_supplicant_settings_verify_setting(key, (const char *) data, data_len); priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE(self);
full_value = g_strdup_printf("blob://%s", blobid);
type = nm_supplicant_settings_verify_setting(key, full_value, strlen(full_value));
if (type == NM_SUPPL_OPT_TYPE_INVALID) { if (type == NM_SUPPL_OPT_TYPE_INVALID) {
g_set_error(error, g_set_error(error,
NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR,
@ -240,7 +250,7 @@ nm_supplicant_config_add_blob(NMSupplicantConfig *self,
} }
opt = g_slice_new0(ConfigOption); opt = g_slice_new0(ConfigOption);
opt->value = g_strdup_printf("blob://%s", blobid); opt->value = g_steal_pointer(&full_value);
opt->len = strlen(opt->value); opt->len = strlen(opt->value);
opt->type = type; opt->type = type;