core: add assertions for network_id/stable_type

We require a network-id. Assert that it is set. Also, we encode the stable-id as uint8. Thus, add an assertion that we don't use more then 254 IDs. If we ever make use of stable-type 255, we must extend the encoding to allow for more values. The assertion is there to catch that.
2025-12-30 14:20:17 +01:00 · 2016-12-18 14:03:38 +01:00 · 2016-12-18 14:03:38 +01:00 · 21ae09c1cc
commit 21ae09c1cc
parent 46d53e1101
6 changed files with 26 additions and 16 deletions
--- a/src/ndisc/nm-fake-ndisc.c
+++ b/src/ndisc/nm-fake-ndisc.c
@ -374,6 +374,8 @@ nm_fake_ndisc_new (int ifindex, const char *ifname)
 	                     NM_NDISC_IFINDEX, ifindex,
 	                     NM_NDISC_IFNAME, ifname,
 	                     NM_NDISC_NODE_TYPE, (int) NM_NDISC_NODE_TYPE_HOST,
+	                     NM_NDISC_STABLE_TYPE, (int) NM_UTILS_STABLE_TYPE_UUID,
+	                     NM_NDISC_NETWORK_ID, "fake",
 	                     NULL);
 }

--- a/src/ndisc/nm-lndp-ndisc.c
+++ b/src/ndisc/nm-lndp-ndisc.c
@ -550,6 +550,7 @@ nm_lndp_ndisc_new (NMPlatform *platform,

 	g_return_val_if_fail (NM_IS_PLATFORM (platform), NULL);
 	g_return_val_if_fail (!error || !*error, NULL);
+	g_return_val_if_fail (network_id, NULL);

 	if (!nm_platform_netns_push (platform, &netns))
 		return NULL;
--- a/src/ndisc/nm-ndisc.c
+++ b/src/ndisc/nm-ndisc.c
@ -1054,6 +1054,7 @@ set_property (GObject *object, guint prop_id,
 	case PROP_NETWORK_ID:
 		/* construct-only */
 		priv->network_id = g_value_dup_string (value);
+		g_return_if_fail (priv->network_id);
 		break;
 	case PROP_ADDR_GEN_MODE:
 		/* construct-only */
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@ -3268,7 +3268,7 @@ nm_utils_inet6_interface_identifier_to_token (NMUtilsIPv6IfaceId iid, char *buf)
 /*****************************************************************************/

 static gboolean
-_set_stable_privacy (guint8 stable_type,
+_set_stable_privacy (NMUtilsStableType stable_type,
                     struct in6_addr *addr,
                     const char *ifname,
                     const char *network_id,
@ -3282,7 +3282,8 @@ _set_stable_privacy (guint8 stable_type,
 	guint32 tmp[2];
 	gsize len = sizeof (digest);

-	g_return_val_if_fail (key_len, FALSE);
+	nm_assert (key_len);
+	nm_assert (network_id);

 	/* Documentation suggests that this can fail.
 	 * Maybe in case of a missing algorithm in crypto library? */
@ -3296,6 +3297,11 @@ _set_stable_privacy (guint8 stable_type,
 	key_len = MIN (key_len, G_MAXUINT32);

 	if (stable_type != NM_UTILS_STABLE_TYPE_UUID) {
+		guint8 stable_type_uint8;
+
+		nm_assert (stable_type < (NMUtilsStableType) 255);
+		stable_type_uint8 = (guint8) stable_type;
+
 		/* Preferably, we would always like to include the stable-type,
 		 * but for backward compatibility reasons, we cannot for UUID.
 		 *
@ -3305,13 +3311,11 @@ _set_stable_privacy (guint8 stable_type,
 		 * and the terminating '\0' of @network_id, it is unambigiously
 		 * possible to revert the process and deduce the @stable_type.
 		 */
-		g_checksum_update (sum, &stable_type, sizeof (stable_type));
+		g_checksum_update (sum, &stable_type_uint8, sizeof (stable_type_uint8));
 	}

 	g_checksum_update (sum, addr->s6_addr, 8);
 	g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1);
-	if (!network_id)
-		network_id = "";
 	g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1);
 	tmp[0] = htonl (dad_counter);
 	tmp[1] = htonl (key_len);
@ -3329,7 +3333,7 @@ _set_stable_privacy (guint8 stable_type,
 }

 gboolean
-nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
+nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
                                            struct in6_addr *addr,
                                            const char *ifname,
                                            const char *network_id,
@ -3361,9 +3365,7 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
 	gs_free guint8 *secret_key = NULL;
 	gsize key_len = 0;

-	nm_assert (NM_IN_SET (stable_type,
-	                      NM_UTILS_STABLE_TYPE_UUID,
-	                      NM_UTILS_STABLE_TYPE_STABLE_ID));
+	g_return_val_if_fail (network_id, FALSE);

 	if (dad_counter >= RFC7217_IDGEN_RETRIES) {
 		g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
@ -3463,9 +3465,6 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
 	guint8 stable_type_uint8;

 	nm_assert (stable_id);
-	nm_assert (NM_IN_SET (stable_type,
-	                      NM_UTILS_STABLE_TYPE_UUID,
-	                      NM_UTILS_STABLE_TYPE_STABLE_ID));
 	nm_assert (secret_key);

 	sum = g_checksum_new (G_CHECKSUM_SHA256);
@ -3474,6 +3473,7 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,

 	key_len = MIN (key_len, G_MAXUINT32);

+	nm_assert (stable_type < (NMUtilsStableType) 255);
 	stable_type_uint8 = stable_type;
 	g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8));

--- a/src/nm-core-utils.h
+++ b/src/nm-core-utils.h
@ -362,13 +362,19 @@ gboolean nm_utils_get_ipv6_interface_identifier (NMLinkType link_type,
                                                 guint dev_id,
                                                 NMUtilsIPv6IfaceId *out_iid);

-typedef enum { /*< skip >*/
+typedef enum {
+	/* The stable type. Note that this value is encoded in the
+	 * generated addresses, thus the numbers MUST not change.
+	 *
+	 * Also note, if we ever allocate ID 255, we must take care
+	 * that nm_utils_ipv6_addr_set_stable_privacy() extends the
+	 * uint8 encoding of this value. */
 	NM_UTILS_STABLE_TYPE_UUID = 0,
 	NM_UTILS_STABLE_TYPE_STABLE_ID = 1,
 } NMUtilsStableType;


-gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
+gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
                                                     struct in6_addr *addr,
                                                     const char *ifname,
                                                     const char *network_id,
--- a/src/tests/test-utils.c
+++ b/src/tests/test-utils.c
@ -37,12 +37,12 @@ test_stable_privacy (void)

 	/* We get an address without the UUID. */
 	inet_pton (AF_INET6, "1::", &addr1);
-	nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
+	nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
 	nmtst_assert_ip6_address (&addr1, "1::11aa:2530:9144:dafa");

 	/* We get a different address in a different network. */
 	inet_pton (AF_INET6, "2::", &addr1);
-	nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
+	nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
 	nmtst_assert_ip6_address (&addr1, "2::338e:8d:c11:8726");

 	inet_pton (AF_INET6, "1234::", &addr1);