libnm: fix crash in nm_ip_routing_rule_from_string()

import gi gi.require_version("NM", "1.0") from gi.repository import NM r = NM.IPRoutingRule.from_string('priority 10 type blackhole', NM.IPRoutingRuleAsStringFlags.AF_INET) r.to_string(NM.IPRoutingRuleAsStringFlags.NONE) r = NM.IPRoutingRule.from_string('priority 10 blackhole', NM.IPRoutingRuleAsStringFlags.AF_INET) r.to_string(NM.IPRoutingRuleAsStringFlags.NONE) r= NM.IPRoutingRule.from_string('priority 10 bogus', NM.IPRoutingRuleAsStringFlags.AF_INET) # CRASH Fixes: e922404990 ('libnm,core: support "prohibit"/"blackhole"/"unreachable" type routing rules')
2026-01-19 06:50:29 +01:00 · 2021-06-30 16:55:31 +02:00 · 2021-06-30 16:55:31 +02:00 · 668c90dbb8
commit 668c90dbb8
parent 3a4822c52c
2 changed files with 19 additions and 4 deletions
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@ -3528,14 +3528,11 @@ nm_ip_routing_rule_from_string(const char *                 str,
        }

        if (i_action < 0) {
-            i_action = nm_net_aux_rtnl_rtntype_a2n(word1);
+            i_action = nm_net_aux_rtnl_rtntype_a2n(word0);
            if (i_action >= 0)
                goto next_words_consumed;
        }

-        /* also the action is still unsupported. For the moment, we only support
-         * FR_ACT_TO_TBL, which is the default (by not expressing it on the command
-         * line). */
        g_set_error(error,
                    NM_CONNECTION_ERROR,
                    NM_CONNECTION_ERROR_FAILED,
--- a/src/libnm-core-impl/tests/test-setting.c
+++ b/src/libnm-core-impl/tests/test-setting.c
@ -4048,6 +4048,7 @@ test_routing_rule(gconstpointer test_data)
    nm_auto_unref_ip_routing_rule NMIPRoutingRule *rr1 = NULL;
    gboolean                                       success;
    char                                           ifname_buf[16];
+    gs_free_error GError *error = NULL;

    _rr_from_str("priority 5 from 0.0.0.0 table 1", "  from 0.0.0.0  priority  5 lookup 1 ");
    _rr_from_str("priority 5 from 0.0.0.0/0 table 4");
@ -4077,6 +4078,7 @@ test_routing_rule(gconstpointer test_data)
                 "priority 5 to 0.0.0.0 not dport 10-133 not table 6",
                 "priority 5 to 0.0.0.0 not dport 10-\\ 133 not table 6");
    _rr_from_str("priority 5 to 0.0.0.0 ipproto 10 sport 10 table 6");
+    _rr_from_str("priority 5 to 0.0.0.0 type blackhole", "priority 5 to 0.0.0.0 blackhole");

    rr1 = _rr_from_str_get("priority 5 from :: iif aab table 25");
    g_assert_cmpstr(nm_ip_routing_rule_get_iifname(rr1), ==, "aab");
@ -4125,6 +4127,22 @@ test_routing_rule(gconstpointer test_data)
    g_assert_cmpstr(ifname_buf, ==, "a\303\261,x;b");
    g_assert(success);
    nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+
+    rr1 = nm_ip_routing_rule_from_string("priority   6 blackhole",
+                                         NM_IP_ROUTING_RULE_AS_STRING_FLAGS_AF_INET,
+                                         NULL,
+                                         &error);
+    nmtst_assert_success(rr1, error);
+    nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+    nm_clear_error(&error);
+
+    rr1 = nm_ip_routing_rule_from_string("priority   6 bogus",
+                                         NM_IP_ROUTING_RULE_AS_STRING_FLAGS_AF_INET,
+                                         NULL,
+                                         &error);
+    nmtst_assert_no_success(rr1, error);
+    nm_clear_pointer(&rr1, nm_ip_routing_rule_unref);
+    nm_clear_error(&error);
 }

 /*****************************************************************************/