"val" and "key" are now marked as nm_auto. They are freed at the end,
and we should not free them before breaking the loop (at least not,
without also clearing the variables).
Fixes: 02dbba49d6 ('libnm: fix leak in nm_vpn_service_plugin_read_vpn_details()')
(cherry picked from commit 62c1944e7d)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772):
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:814: alloc_fn: Storage is returned from allocation function "g_string_new".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:814: var_assign: Assigning: "key" = storage returned from "g_string_new(line->str + strlen("DATA_KEY="))".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:815: var_assign: Assigning: "str" = "key".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:855: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:855: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
# 853| NM_SET_OUT(out_secrets, g_steal_pointer(&secrets));
# 854| }
# 855|-> return success;
# 856| }
# 857|
Fixes: 3dfb72b926 ('service-plugin: allow continuations in the auth-dialog protocol')
(cherry picked from commit 02dbba49d6)
Since g_string_free() takes an additional argument,
it's not direclty usable with nm_clear_pointer(ptr, g_string_free);
As workaround, add nm_clear_g_string() helper.
(cherry picked from commit 8da91cd85f)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772): [#def297] [important]
NetworkManager-1.31.3/src/nmcli/devices.c:4610: alloc_fn: Storage is returned from allocation function "nm_utils_ssid_to_utf8".
NetworkManager-1.31.3/src/nmcli/devices.c:4610: var_assign: Assigning: "ssid" = storage returned from "nm_utils_ssid_to_utf8(g_bytes_get_data(ssid_bytes, NULL), g_bytes_get_size(ssid_bytes))".
NetworkManager-1.31.3/src/nmcli/devices.c:4612: noescape: Resource "ssid" is not freed or pointed-to in "g_print".
NetworkManager-1.31.3/src/nmcli/devices.c:4642: noescape: Resource "ssid" is not freed or pointed-to in "string_append_mecard".
NetworkManager-1.31.3/src/nmcli/devices.c:4654: leaked_storage: Variable "ssid" going out of scope leaks the storage it points to.
# 4652|
# 4653| g_print("\n");
# 4654|-> }
# 4655|
# 4656| static gboolean
Fixes: 7061341a41 ('cli: add "nmcli d wifi show"')
(cherry picked from commit e5f37477c0)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772):
NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2772: alloc_fn: Storage is returned from allocation function "nm_utils_tc_action_from_str".
NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2772: var_assign: Assigning: "action" = storage returned from "nm_utils_tc_action_from_str(extra_opts, error)".
NetworkManager-1.31.3/src/libnm-core-impl/nm-utils.c:2785: leaked_storage: Variable "action" going out of scope leaks the storage it points to.
# 2783| tfilter = nm_tc_tfilter_new(kind, parent, error);
# 2784| if (!tfilter)
# 2785|-> return NULL;
# 2786|
# 2787| nm_tc_tfilter_set_handle(tfilter, handle);
Fixes: de41c45e61 ('libnm-core: add functionality for dealing with tc-style traffic filter specifiers')
(cherry picked from commit 3cd56e92d4)
Also Coverity found that something is wrong here:
Error: FORWARD_NULL (CWE-476): [#def361]
NetworkManager-1.31.5/src/libnm-client-impl/nm-vpn-plugin-old.c:441: var_compare_op: Comparing "connection" to null implies that "connection" might be null.
NetworkManager-1.31.5/src/libnm-client-impl/nm-vpn-plugin-old.c:489: var_deref_model: Passing null pointer "connection" to "g_object_unref", which dereferences it.
# 487| }
# 488|
# 489|-> g_object_unref(connection);
# 490| }
# 491|
Fixes: 6793a32a8c ('libnm: port to GDBus')
(cherry picked from commit e56f126071)
"uuid" is returned from nms_keyfile_nmmeta_check_filename(),
and contains "$UUID.nmmeta". We must compare only the first
"uuid_len" bytes.
Fixes: 064544cc07 ('settings: support storing "shadowed-storage" to .nmmeta files')
(cherry picked from commit 7e8e6836e0)
Coverity says:
Error: ALLOC_FREE_MISMATCH (CWE-762):
NetworkManager-1.31.3/src/core/tests/test-systemd.c:261: alloc: Allocation of memory which must be freed using "free".
NetworkManager-1.31.3/src/core/tests/test-systemd.c:274: free: Calling "_nm_auto_g_free" frees "exp2_arr" using "g_free" but it should have been freed using "free".
# 272| g_assert_cmpmem(expected_arr, expected_len, exp3_arr, exp3_len);
# 273| }
# 274|-> }
# 275|
# 276| #define _test_unbase64mem(base64, expected_str) \
Error: ALLOC_FREE_MISMATCH (CWE-762):
NetworkManager-1.31.3/src/core/tests/test-systemd.c:270: alloc: Allocation of memory which must be freed using "free".
NetworkManager-1.31.3/src/core/tests/test-systemd.c:274: free: Calling "_nm_auto_g_free" frees "exp3_arr" using "g_free" but it should have been freed using "free".
# 272| g_assert_cmpmem(expected_arr, expected_len, exp3_arr, exp3_len);
# 273| }
# 274|-> }
# 275|
# 276| #define _test_unbase64mem(base64, expected_str) \
Fixes: 0298d54078 ('systemd: expose unbase64mem() as nm_sd_utils_unbase64mem()')
(cherry picked from commit 44abe6d661)
Coverity says:
Error: ALLOC_FREE_MISMATCH (CWE-762):
NetworkManager-1.31.3/src/core/dhcp/nm-dhcp-systemd.c:234: alloc: Allocation of memory which must be freed using "free".
NetworkManager-1.31.3/src/core/dhcp/nm-dhcp-systemd.c:447: free: Calling "_nm_auto_g_free" frees "routes" using "g_free" but it should have been freed using "free".
# 445| }
# 446| NM_SET_OUT(out_options, g_steal_pointer(&options));
# 447|-> return g_steal_pointer(&ip4_config);
# 448| }
# 449|
Fixes: acc0d79224 ('systemd: merge branch 'systemd' into master')
(cherry picked from commit 64985beef8)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772): [#def271] [important]
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: alloc_fn: Storage is returned from allocation function "nm_utils_ssid_to_utf8".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: var_assign: Assigning: "ssid_utf8" = storage returned from "nm_utils_ssid_to_utf8(g_bytes_get_data(ssid, NULL), g_bytes_get_size(ssid))".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:877: noescape: Resource "ssid_utf8" is not freed or pointed-to in "g_strdup_printf".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:882: leaked_storage: Variable "ssid_utf8" going out of scope leaks the storage it points to.
# 880|
# 881| if (!add_wireless_secrets(request, secrets))
# 882|-> goto out_fail;
# 883| } else if (nm_connection_is_type(request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
# 884| title = _("Wired 802.1X authentication");
Error: RESOURCE_LEAK (CWE-772): [#def272] [important]
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: alloc_fn: Storage is returned from allocation function "nm_utils_ssid_to_utf8".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:874: var_assign: Assigning: "ssid_utf8" = storage returned from "nm_utils_ssid_to_utf8(g_bytes_get_data(ssid, NULL), g_bytes_get_size(ssid))".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:877: noescape: Resource "ssid_utf8" is not freed or pointed-to in "g_strdup_printf".
NetworkManager-1.31.3/src/libnmc-base/nm-secret-agent-simple.c:883: leaked_storage: Variable "ssid_utf8" going out of scope leaks the storage it points to.
# 881| if (!add_wireless_secrets(request, secrets))
# 882| goto out_fail;
# 883|-> } else if (nm_connection_is_type(request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
# 884| title = _("Wired 802.1X authentication");
# 885| msg = g_strdup_printf(_("Secrets are required to access the wired network %s"),
Fixes: 3fbabde4c3 ('libnm-core: replace GByteArray with pointer + length in some APIs')
(cherry picked from commit 2c628e4762)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772): [#def274] [important]
NetworkManager-1.31.3/src/libnmt-newt/nmt-newt-button.c:118: alloc_fn: Storage is returned from allocation function "g_strdup_printf".
NetworkManager-1.31.3/src/libnmt-newt/nmt-newt-button.c:118: var_assign: Assigning: "label" = storage returned from "g_strdup_printf(" <%s>", priv->label)".
NetworkManager-1.31.3/src/libnmt-newt/nmt-newt-button.c:119: noescape: Resource "label" is not freed or pointed-to in "nmt_newt_locale_from_utf8".
NetworkManager-1.31.3/src/libnmt-newt/nmt-newt-button.c:125: leaked_storage: Variable "label" going out of scope leaks the storage it points to.
# 123| }
# 124|
# 125|-> return co;
# 126| }
# 127|
Fixes: 3bda3fb60c ('nmtui: initial import of nmtui')
(cherry picked from commit 853f411567)
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772):
NetworkManager-1.31.3/src/core/nm-config-data.c:450: alloc_fn: Storage is returned from allocation function "nm_config_data_get_value".
NetworkManager-1.31.3/src/core/nm-config-data.c:450: var_assign: Assigning: "str" = storage returned from "nm_config_data_get_value(self, "main", "auth-polkit", (enum [unnamed type of NMConfigGetValueFlags])6)".
NetworkManager-1.31.3/src/core/nm-config-data.c:454: noescape: Resource "str" is not freed or pointed-to in "nm_auth_polkit_mode_from_string".
NetworkManager-1.31.3/src/core/nm-config-data.c:465: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
# 463| NM_SET_OUT(out_invalid_config, FALSE);
# 464|
# 465|-> return auth_polkit_mode;
# 466| }
# 467|
Fixes: 6d7446e52f ('core: add main.auth-polkit option "root-only"')
(cherry picked from commit ceaa1c369f)
nm_act_request_set_shared() already calls nm_utils_share_rules_apply().
Calling it twice, is pretty bad because during deactivate we will only
remove one of each duplicate rule.
Fixes: 701654b930 ('core: refactor tracking of shared-rules to use NMUtilsShareRules')
(cherry picked from commit 60744889e2)
This was currently unused, because actually no property of type string
had handle_emptyunuset set.
Fixes: e9ee4e39f1 ('cli: handle string properties that can both be empty and %NULL')
(cherry picked from commit 2c37a34d53)
Active-connections in the async_op_lst are not guaranteed to have a
settings-connection. In particular, the settings-connection for an
AddAndActivate() AC is set only after the authorization succeeds. Use
the non-asserting variant of the function to fix the following
failure:
nm_active_connection_get_settings_connection: assertion 'sett_conn' failed
1 _g_log_abort()
2 g_logv()
3 g_log()
4 _nm_g_return_if_fail_warning.constprop.14()
5 nm_active_connection_get_settings_connection()
6 active_connection_find()
7 _get_activatable_connections_filter()
8 nm_settings_get_connections_clone()
9 nm_manager_get_activatable_connections()
10 auto_activate_device_cb()
11 g_idle_dispatch()
12 g_main_context_dispatch()
13 g_main_context_iterate.isra.21()
14 g_main_loop_run()
15 main()
Fixes: 33b9fa3a3c ('manager: Keep volatile/external connections while referenced by async_op_lst')
https://bugzilla.redhat.com/show_bug.cgi?id=1933719https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/834
(cherry picked from commit 23cc0bf335)
Commit 33b9fa3a3c ("manager: Keep volatile/external connections
while referenced by async_op_lst") changed active_connection_find() to
also return active connections that are not yet activating but are
waiting authorization.
This has side effect for other callers of the function. In particular,
_get_activatable_connections_filter() should exclude only ACs that are
really active, not those waiting for authorization.
Otherwise, in ensure_master_active_connection() all the ACs waiting
authorization are missed and we might fail to find the right master
AC.
Add an argument to active_connection_find to select whether include
ACs waiting authorization.
Fixes: 33b9fa3a3c ('manager: Keep volatile/external connections while referenced by async_op_lst')
https://bugzilla.redhat.com/show_bug.cgi?id=1955101
(cherry picked from commit e694f2cec1)
If the device is still unmanaged by platform-init (which means that
udev didn't emit the event for the interface) when the device gets
realized, we currently clear the assume state. Later, when the device
becomes managed, NM is not able to properly assume the device using
the UUID.
This situation arises, for example, when NM already configured the
device in initrd; after NM is restarted in the real root, udev events
can be delayed causing this race condition.
Among all unamanaged flags, platform-init is the only one that can be
delayed externally. We should not clear the assume state if the device
has only platform-init in the unmanaged flags.
(cherry picked from commit 3c4450aa4d)
_set_state_full() in NMDevice already calls
nm_device_assume_state_reset() when the device reaches state >
DISCONNECTED.
(cherry picked from commit 5dc6d73243)
Probably pid_t is always signed, because kill() documents that
negative values have a special meaning (technically, C would
automatically cast negative signed values to an unsigned pid_t type
too).
Anyway, NMDhcpClient at several places uses -1 as special value for "no
pid". At the same time, it checks for valid PIDs with "pid > 1". That
only works if pid_t is signed.
Add a static assertion for that.
(cherry picked from commit 92bfe09724)
When the link goes away the manager keeps software devices alive as
unrealized because there is still a connection for them.
If the device is software and has a NM-generated connection, keeping
the device alive means that also the generated connection stays
alive. The result is that both stick around forever even if there is
no longer a kernel link.
Add a check to avoid this situation.
https://bugzilla.redhat.com/show_bug.cgi?id=1945282
Fixes: cd0cf9229d ('veth: add support to configure veth interfaces')
(cherry picked from commit d19773ecd4)
NM_DHCP_STATE_DONE is for when the client reports that it is shutting
down. If we manually stop it, we should set the TERMINATED state, so
that NMDevice doesn't start a grace period waiting for a renewal.
This fixes the:
device (enp1s0): DHCPv4: trying to acquire a new lease within 90 seconds
message printed when NM is shutting down.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/802
(cherry picked from commit 4784c7dccd)
This reverts commit 389575a6b1.
When the command line contains BOOTIF and there is another ip=
argument specifying an interface name, we can follow 2 approaches:
a) BOOTIF creates a new distinct connection with DHCP
(the behaviour before the commit)
b) the connection generated for ip= will be also be bound to the
BOOTIF MAC (the behavior introduced by the commit)
Restore a) because we can't be sure that the MAC address refers to the
same interface. In that case it's preferable to generate a different
connection.
https://bugzilla.redhat.com/show_bug.cgi?id=1915493#c35
(cherry picked from commit c21d4ce125)
The goal of this code is to detect python, but prefer python3 while
also allowing the user to override the path.
That did not work in all cases, due to what seems like a bug in
AM_PATH_PYTHON(). AM_PATH_PYTHON() is documented to ignore failure
if [action-if-not-found] is given. So one might assume that:
AM_PATH_PYTHON([3], [], [PYTHON=])
if test -z "$PYTHON"; then
AM_PATH_PYTHON([], [], [PYTHON=python])
fi
first tries to look for v3, and if that fails search for any python
interpreter. That did not work however with:
$ ./configure PYTHON=/usr/bin/python2
...
checking pkg-config is at least version 0.9.0... yes
checking whether /usr/bin/python2 version is >= 3... no
configure: error: Python interpreter is too old
because the first AM_PATH_PYTHON() is fatal.
Work around that.
Fixes: 54a1cfa973 ('build: prefer python3 over python2 in autotools's configure script')
(cherry picked from commit 91bf576a43)
It's not entirely clear how to treat %NULL.
Clearly "match.interface-name=eth0" should not
match with an interface %NULL. But what about
"match.interface-name=!eth0"? It's now implemented
that negative matches still succeed against %NULL.
What about "match.interface-name=*"? That probably
should also match with %NULL. So we treat %NULL really
like "".
Against commit 11cd443448 ('iwd: Don't call IWD methods when device
unmanaged'), we got this backtrace:
#0 0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1 0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
p = 0x0
res = <optimized out>
orig_pattern = <optimized out>
n = <optimized out>
wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
wpattern_malloc = 0x0
wstring_malloc = 0x0
wstring = <optimized out>
alloca_used = 80
__PRETTY_FUNCTION__ = "__fnmatch"
#2 0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
is_inverted = 0
is_mandatory = 0
match = <optimized out>
p = 0x564486c43fa0 "pci-0000:03:00.0"
has_optional = 0
has_any_optional = 0
i = <optimized out>
#3 0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
patterns = <optimized out>
device_driver = 0x564486c76bd0 "veth"
num_patterns = 1
priv = 0x564486cbe0b0
__func__ = "check_connection_compatible"
device_iface = <optimized out>
local = 0x564486c99a60
conn_iface = 0x0
klass = <optimized out>
s_match = 0x564486c63df0 [NMSettingMatch]
#4 0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
self = 0x564486cbe590 [NMDeviceVeth]
s_wired = <optimized out>
Fixes: 3ced486f41 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')
https://bugzilla.redhat.com/show_bug.cgi?id=1942741
(cherry picked from commit 420784e342)
When adding an IPv4 address, kernel automatically adds a local route.
This is done by fib_add_ifaddr(). Note that if the address is
IFA_F_SECONDARY, then the "src" is the primary address. That means, with
nmcli connection add con-name t type ethernet ifname t autoconnect no \
ipv4.method manual ipv6.method disabled \
ipv4.addresses '192.168.77.10/24, 192.168.77.11/24'
we get two routes:
"local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
"local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.10"
Our code would only generate instead:
"local 192.168.77.10 dev t table local proto kernel scope host src 192.168.77.10"
"local 192.168.77.11 dev t table local proto kernel scope host src 192.168.77.11"
Afterwards, this artificial route will be leaked:
#!/bin/bash
set -vx
nmcli connection delete t || :
ip link delete t || :
ip link add name t type veth peer t-veth
nmcli connection add con-name t type ethernet ifname t autoconnect no ipv4.method manual ipv4.addresses '192.168.77.10/24, 192.168.77.11/24' ipv6.method disabled
nmcli connection up t
ip route show table all dev t | grep --color '^\|192.168.77.11'
sleep 1
nmcli device modify t -ipv4.addresses 192.168.77.11/24
ip route show table all dev t | grep --color '^\|192.168.77.11'
ip route show table all dev t | grep -q 192.168.77.11 && echo "the local route 192.168.77.11 is still there, because NM adds a local route with wrong pref-src"
It will also be leaked because in the example above ipv4.route-table is
unset, so we are not in full route sync mode and the local table is not
synced.
This was introduced by commit 3e5fc04df3 ('core: add dependent local
routes configured by kernel'), but it's unclear to me why we really need
this. Drop it again and effectively revert commit 3e5fc04df3 ('core:
add dependent local routes configured by kernel').
I think this "solution" is still bad. We need to improve our route sync
approach with L3Cfg rework. For now, it's probably good enough.
https://bugzilla.redhat.com/show_bug.cgi?id=1907661
(cherry picked from commit 557644f5e0)
This effectively reverts commit cd89026c5f ('core: add dependent
multicast route configured by kernel for IPv6').
It's not clear to me why this was done or why it would be correct.
True, kernel automatically adds multicast route like
multicast ff00::/8 dev $IFACE table local proto kernel metric 256 pref medium
But NetworkManager ignores all multicast routes for now. So the dependent
routes cannot contain multicast routes as they are not handled. Also,
the code added a unicast route, so I don't understand why the comment
is talking about multicast.
This seems just wrong. Drop it.
(cherry picked from commit c29d995000)
When we deactivate a device, we flush all IP addresses and
routes. Thus, have yet another sync mode for that. It will sync more
than "ALL".
(cherry picked from commit e226b5eb82)
When using IWD-side autoconnect mode (current default), in .deactivate()
and .deactivate_async() refrain from commanding IWD to actually
disconnect until the device is managed. Likely the device is already
disconnected but in any case it's up to IWD to decide in this mode.
Calling IWD device's .Disconnect() D-Bus method has the side effect of
disabling autoconnect and doing this while NM is still in platform-init
was unexpectedly leaving the device without autoconnect after
platform-init was done, according to user reports.
Fixes: dc0e31fb70 ('iwd: Add the wifi.iwd.autoconnect setting')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/786
(cherry picked from commit 1708e9a3cc)
