setting-ip-config: validate route attributes in verify()ac/local_route

It's better to verify these route attributes so that the user can be
notified early if something is not supported or invalid.

The downside is that some incorrect profiles (with invalid route attributes)
that previously would work since this commit will not anymore as
the incorrect bits don't get ignored but rejected instead.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/407
https://bugzilla.redhat.com/show_bug.cgi?id=1821787

1 files changed, 14 insertions, 0 deletions

diff --git a/libnm-core/nm-setting-ip-config.c b/libnm-core/nm-setting-ip-config.c
index c750e97e31..bc81129177 100644
--- a/libnm-core/nm-setting-ip-config.c
+++ b/libnm-core/nm-setting-ip-config.c
@@ -5059,6 +5059,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 
 	/* Validate routes */
 	for (i = 0; i < priv->routes->len; i++) {
+		gs_free_error GError *local = NULL;
 		NMIPRoute *route = (NMIPRoute *) priv->routes->pdata[i];
 
 		if (nm_ip_route_get_family (route) != NM_SETTING_IP_CONFIG_GET_FAMILY (setting)) {
@@ -5070,6 +5071,19 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 			g_prefix_error (error, "%s.%s: ", nm_setting_get_name (setting), NM_SETTING_IP_CONFIG_ROUTES);
 			return FALSE;
 		}
+
+		if (!_nm_ip_route_attribute_validate_all (route, &local)) {
+			g_set_error (error,
+			             NM_CONNECTION_ERROR,
+			             NM_CONNECTION_ERROR_INVALID_PROPERTY,
+			             _("invalid attribute: %s"),
+			             local->message);
+			g_prefix_error (error,
+			                "%s.%s: ",
+			                nm_setting_get_name (setting),
+			                NM_SETTING_IP_CONFIG_ROUTES);
+			return FALSE;
+		}
 	}
 
 	if (priv->routing_rules) {