fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-27 17:30:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)

Browse source 
OpenVPN uses a trick to override default route by adding these two routes:
0.0.0.0/1 and 128.0.0.0/1.
We should allow this and only refuse real default route (i.e. prefix == 0).

Also verify IPv6 addresses and routes.

See:
man openvpn (search for def1)
https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

https://bugzilla.redhat.com/show_bug.cgi?id=1203904

(cherry picked from commit ba35c63db6)
This commit is contained in:
Jiří Klimeš 2015-03-20 14:02:19 +01:00
parent 9fa5e9af58
commit cd5c9043fa
2 changed files with 44 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
libnm-util/nm-setting-ip4-config.c
View file

@ -959,16 +959,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
NMIP4Route *route = (NMIP4Route *) iter->data;
guint32 prefix = nm_ip4_route_get_prefix (route);
if (!nm_ip4_route_get_dest (route)) {
g_set_error (error,
NM_SETTING_IP4_CONFIG_ERROR,
NM_SETTING_IP4_CONFIG_ERROR_INVALID_PROPERTY,
_("%d. route is invalid"),
i+1);
g_prefix_error (error, "%s.%s: ", NM_SETTING_IP4_CONFIG_SETTING_NAME, NM_SETTING_IP4_CONFIG_ROUTES);
return FALSE;
}
if (!prefix || prefix > 32) {
g_set_error (error,
NM_SETTING_IP4_CONFIG_ERROR,

44
libnm-util/nm-setting-ip6-config.c
View file

@ -825,6 +825,8 @@ static gboolean
verify (NMSetting *setting, GSList *all_settings, GError **error)
{
NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
GSList *iter;
int i;
if (!priv->method) {
g_set_error_literal (error,
@ -899,6 +901,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
return FALSE;
}
/* Validate addresses */
for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) {
NMIP6Address *addr = (NMIP6Address *) iter->data;
guint32 prefix = nm_ip6_address_get_prefix (addr);
if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) {
g_set_error (error,
NM_SETTING_IP6_CONFIG_ERROR,
NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
_("%d. IPv6 address is invalid"),
i+1);
g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
return FALSE;
}
if (!prefix || prefix > 128) {
g_set_error (error,
NM_SETTING_IP6_CONFIG_ERROR,
NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
_("%d. IPv6 address has invalid prefix"),
i+1);
g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
return FALSE;
}
}
/* Validate routes */
for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) {
NMIP6Route *route = (NMIP6Route *) iter->data;
guint32 prefix = nm_ip6_route_get_prefix (route);
if (!prefix || prefix > 128) {
g_set_error (error,
NM_SETTING_IP6_CONFIG_ERROR,
NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
_("%d. route has invalid prefix"),
i+1);
g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES);
return FALSE;
}
}
return TRUE;
}