From 5247e2f8f558a42a49ebb706fa52b3d7dcaceb11 Mon Sep 17 00:00:00 2001 From: Antonio Cardace Date: Tue, 9 Jun 2020 11:29:42 +0200 Subject: [PATCH] setting-ip-config: validate route attributes in verify() It's better to verify these route attributes so that the user can be notified early if something is not supported or invalid. The downside is that some incorrect profiles (with invalid route attributes) that previously would work since this commit will not anymore as the incorrect bits don't get ignored but rejected instead. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/407 https://bugzilla.redhat.com/show_bug.cgi?id=1821787 (cherry picked from commit 7781f7843546aeea26ac8a7b67af7707768f1fc0) --- libnm-core/nm-setting-ip-config.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libnm-core/nm-setting-ip-config.c b/libnm-core/nm-setting-ip-config.c index c750e97e31..bc81129177 100644 --- a/libnm-core/nm-setting-ip-config.c +++ b/libnm-core/nm-setting-ip-config.c @@ -5059,6 +5059,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) /* Validate routes */ for (i = 0; i < priv->routes->len; i++) { + gs_free_error GError *local = NULL; NMIPRoute *route = (NMIPRoute *) priv->routes->pdata[i]; if (nm_ip_route_get_family (route) != NM_SETTING_IP_CONFIG_GET_FAMILY (setting)) { @@ -5070,6 +5071,19 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_IP_CONFIG_ROUTES); return FALSE; } + + if (!_nm_ip_route_attribute_validate_all (route, &local)) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("invalid attribute: %s"), + local->message); + g_prefix_error (error, + "%s.%s: ", + nm_setting_get_name (setting), + NM_SETTING_IP_CONFIG_ROUTES); + return FALSE; + } } if (priv->routing_rules) {