dhcp: enforce MUD URL to use "https://" scheme

nm_sd_http_url_is_valid_https() is rather clunky, but it is this way, because we must not disagree with systemd code about what makes a valid URL. RFC 8520 says "MUD URLs MUST use the "https" scheme". See-also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/463#note_476190 Fixes: cedcea5ee8 ('libnm: fix verification of connection:mud-url property')
2026-01-03 17:30:16 +01:00 · 2020-04-24 20:53:11 +02:00 · 2020-04-24 20:53:11 +02:00 · dec1678fec
commit dec1678fec
parent fe84237cf0
3 changed files with 19 additions and 14 deletions
--- a/libnm-core/nm-setting-connection.c
+++ b/libnm-core/nm-setting-connection.c
@ -1244,7 +1244,7 @@ after_interface_name:
 			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
 			return FALSE;
 		}
-		if (!nm_sd_http_url_is_valid (priv->mud_url)) {
+		if (!nm_sd_http_url_is_valid_https (priv->mud_url)) {
 			g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
 			                     _("MUD URL is not a valid URL"));
 			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_CONNECTION_MUD_URL);
--- a/shared/systemd/nm-sd-utils-shared.c
+++ b/shared/systemd/nm-sd-utils-shared.c
@ -99,13 +99,14 @@ gboolean nm_sd_hostname_is_valid (const char *s, bool allow_trailing_dot)
 /*****************************************************************************/

 static gboolean
-_http_url_is_valid (const char *url)
+_http_url_is_valid (const char *url, gboolean only_https)
 {
 	if (   !url
 	    || !url[0])
 		return FALSE;

-	if (NM_STR_HAS_PREFIX (url, "http://"))
+	if (   !only_https
+	    && NM_STR_HAS_PREFIX (url, "http://"))
 		url += NM_STRLEN ("http://");
 	else if (NM_STR_HAS_PREFIX (url, "https://"))
 		url += NM_STRLEN ("https://");
@ -119,16 +120,20 @@ _http_url_is_valid (const char *url)
 }

 gboolean
-nm_sd_http_url_is_valid (const char *url)
+nm_sd_http_url_is_valid_https (const char *url)
 {
-	gboolean v;
-
-	/* http_url_is_valid() is part of our API, as we use it to validate connection
-	 * properties. That means, it's behavior must remain stable (or only change
-	 * with care).
+	/* We use this function to verify connection:mud-url property, it must thus
+	 * not change behavior.
 	 *
-	 * Thus, reimplement it, and make sure that our implementation agrees. */
-	v = _http_url_is_valid (url);
-	nm_assert (v == http_url_is_valid (url));
-	return v;
+	 * Note that sd_dhcp_client_set_mud_url() and sd_dhcp6_client_set_request_mud_url()
+	 * assert with http_url_is_valid() that the argument is valid. We thus must make
+	 * sure to only pass URLs that are valid according to http_url_is_valid().
+	 *
+	 * This is given, because our nm_sd_http_url_is_valid_https() is more strict
+	 * than http_url_is_valid().
+	 *
+	 * We only must make sure that this is also correct in the future, when we
+	 * re-import systemd code. */
+	nm_assert (_http_url_is_valid (url, FALSE) == http_url_is_valid (url));
+	return _http_url_is_valid (url, TRUE);
 }
--- a/shared/systemd/nm-sd-utils-shared.h
+++ b/shared/systemd/nm-sd-utils-shared.h
@ -36,6 +36,6 @@ gboolean nm_sd_hostname_is_valid(const char *s, bool allow_trailing_dot);

 /*****************************************************************************/

-gboolean nm_sd_http_url_is_valid (const char *url);
+gboolean nm_sd_http_url_is_valid_https (const char *url);

 #endif /* __NM_SD_UTILS_SHARED_H__ */