iwd: Enforce absolute state dir path, print warnings

Validate the state directory path, that we read from the configuration or from IWD, to be an absolute path. Print a warning if the value cannot be used and is not an empty string. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/873
2025-12-28 18:00:10 +01:00 · 2021-05-27 15:46:37 +02:00 · 2021-05-27 15:46:37 +02:00 · cd7213e27c
commit cd7213e27c
parent 96ef5dede9
1 changed files with 25 additions and 6 deletions
--- a/src/core/devices/wifi/nm-iwd-manager.c
+++ b/src/core/devices/wifi/nm-iwd-manager.c
@ -48,6 +48,7 @@ typedef struct {
    GHashTable *        known_networks;
    NMDeviceIwd *       last_agent_call_device;
    char *              last_state_dir;
+    bool                warned_state_dir;
 } NMIwdManagerPrivate;

 struct _NMIwdManager {
@ -456,16 +457,27 @@ iwd_config_write(GKeyFile *             config,
 static const char *
 get_config_path(NMIwdManager *self)
 {
-    NMIwdManagerPrivate *priv = NM_IWD_MANAGER_GET_PRIVATE(self);
-    const char *         path = nm_config_data_get_iwd_config_path(NM_CONFIG_GET_DATA);
+    NMIwdManagerPrivate *priv   = NM_IWD_MANAGER_GET_PRIVATE(self);
+    const char *         path   = nm_config_data_get_iwd_config_path(NM_CONFIG_GET_DATA);
+    bool                 warned = priv->warned_state_dir;
+
+    priv->warned_state_dir = FALSE;

    if (!path || nm_streq0(path, "auto"))
        return priv->last_state_dir;

-    if (path[0] != '\0' && g_file_test(path, G_FILE_TEST_IS_DIR))
-        return path;
+    if (path[0] == '\0')
+        return NULL;

-    return NULL;
+    if (path[0] != '/' || !g_file_test(path, G_FILE_TEST_IS_DIR)) {
+        if (!warned)
+            _LOGW("IWD StateDirectory '%s' not accessible", path);
+
+        priv->warned_state_dir = TRUE;
+        return NULL;
+    }
+
+    return path;
 }

 static void
@ -1440,6 +1452,8 @@ get_daemon_info_cb(GObject *source, GAsyncResult *res, gpointer user_data)

    while (g_variant_iter_next(properties_iter, "{&sv}", &key, &value)) {
        if (nm_streq(key, "StateDirectory")) {
+            const char *path;
+
            if (!g_variant_is_of_type(value, G_VARIANT_TYPE_STRING)) {
                _LOGE("Daemon.GetInfo property %s is typed '%s' instead of 's'",
                      key,
@ -1448,7 +1462,12 @@ get_daemon_info_cb(GObject *source, GAsyncResult *res, gpointer user_data)
            }

            nm_clear_g_free(&priv->last_state_dir);
-            priv->last_state_dir = g_variant_dup_string(value, NULL);
+
+            path = g_variant_get_string(value, NULL);
+            if (path[0] == '/' && g_file_test(path, G_FILE_TEST_IS_DIR))
+                priv->last_state_dir = g_strdup(path);
+            else
+                _LOGW("IWD StateDirectory '%s' not accessible", path);
        }

 next: