authorThomas Haller <thaller@redhat.com>2020-04-24 20:53:11 +0200
committerThomas Haller <thaller@redhat.com>2020-04-24 20:54:13 +0200
commitdec1678fecadfcbf25ed21e4929bfd36d8008f66 (patch)
treeb19d17c50b2f472fb2b429daccf2b4a4be21dd81 /shared
parentfe84237cf09b29a99d70580044694c1aa7ff1a16 (diff)
dhcp: enforce MUD URL to use "https://" scheme
nm_sd_http_url_is_valid_https() is rather clunky, but it is this way, because we must not disagree with systemd code about what makes a valid URL. RFC 8520 says "MUD URLs MUST use the "https" scheme". See-also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/463#note_476190 Fixes: cedcea5ee812 ('libnm: fix verification of connection:mud-url property')
Diffstat (limited to 'shared')
-rw-r--r--shared/systemd/nm-sd-utils-shared.c29
-rw-r--r--shared/systemd/nm-sd-utils-shared.h2
2 files changed, 18 insertions, 13 deletions
diff --git a/shared/systemd/nm-sd-utils-shared.c b/shared/systemd/nm-sd-utils-shared.c
index b4e017c94b..4444e6c7f6 100644
--- a/shared/systemd/nm-sd-utils-shared.c
+++ b/shared/systemd/nm-sd-utils-shared.c
@@ -99,13 +99,14 @@ gboolean nm_sd_hostname_is_valid (const char *s, bool allow_trailing_dot)
/*****************************************************************************/
static gboolean
-_http_url_is_valid (const char *url)
+_http_url_is_valid (const char *url, gboolean only_https)
{
if ( !url
|| !url[0])
return FALSE;
- if (NM_STR_HAS_PREFIX (url, "http://"))
+ if ( !only_https
+ && NM_STR_HAS_PREFIX (url, "http://"))
url += NM_STRLEN ("http://");
else if (NM_STR_HAS_PREFIX (url, "https://"))
url += NM_STRLEN ("https://");
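Review bot: The new `only_https` parameter of `_http_url_is_valid()` has no comment saying why a caller would set it, and the scheme test stays an exact prefix match, so a value such as `HTTPS://…` is presumably still rejected. I would add above the function `/* @only_https: accept only the "https://" scheme, as RFC 8520 requires for MUD URLs. The scheme match is exact, so that we never accept what systemd's http_url_is_valid() rejects. */`. The check is syntactic only: it says nothing about the host or about how the MUD file is later fetched, and the comment could say so. The rest of the function body lies outside this hunk, so any further checks on the remainder of the URL are not visible here.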
@@ -119,16 +120,20 @@ _http_url_is_valid (const char *url)
}
gboolean
-nm_sd_http_url_is_valid (const char *url)
+nm_sd_http_url_is_valid_https (const char *url)
{
- gboolean v;
-
- /* http_url_is_valid() is part of our API, as we use it to validate connection
- * properties. That means, it's behavior must remain stable (or only change
- * with care).
+ /* We use this function to verify connection:mud-url property, it must thus
+ * not change behavior.
+ *
+ * Note that sd_dhcp_client_set_mud_url() and sd_dhcp6_client_set_request_mud_url()
+ * assert with http_url_is_valid() that the argument is valid. We thus must make
+ * sure to only pass URLs that are valid according to http_url_is_valid().
+ *
+ * This is given, because our nm_sd_http_url_is_valid_https() is more strict
+ * than http_url_is_valid().
*
- * Thus, reimplement it, and make sure that our implementation agrees. */
- v = _http_url_is_valid (url);
- nm_assert (v == http_url_is_valid (url));
- return v;
+ * We only must make sure that this is also correct in the future, when we
+ * re-import systemd code. */
+ nm_assert (_http_url_is_valid (url, FALSE) == http_url_is_valid (url));
+ return _http_url_is_valid (url, TRUE);
}
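Review bot: The agreement check `nm_assert (_http_url_is_valid (url, FALSE) == http_url_is_valid (url));` is, as far as I know, compiled out unless more-asserts is enabled. In a regular build nothing then verifies that `nm_sd_http_url_is_valid_https()` stays stricter than systemd's `http_url_is_valid()`, which is the property the comment relies on before handing the URL to `sd_dhcp_client_set_mud_url()`. A unit test that runs a small table of URLs (empty, `http://`, `https://`, upper-case scheme, non-ASCII) through both functions would catch a divergence when systemd code is re-imported, independent of the assert configuration. The comment also says the function "must thus not change behavior" while this commit itself narrows what is accepted; a sentence such as `/* Since this commit "http://" is rejected; profiles stored with such a mud-url no longer verify. */` would make that explicit, if such profiles can exist.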
diff --git a/shared/systemd/nm-sd-utils-shared.h b/shared/systemd/nm-sd-utils-shared.h
index 382db278d1..a3ca1edc03 100644
--- a/shared/systemd/nm-sd-utils-shared.h
+++ b/shared/systemd/nm-sd-utils-shared.h
@@ -36,6 +36,6 @@ gboolean nm_sd_hostname_is_valid(const char *s, bool allow_trailing_dot);
/*****************************************************************************/
-gboolean nm_sd_http_url_is_valid (const char *url);
+gboolean nm_sd_http_url_is_valid_https (const char *url);
#endif /* __NM_SD_UTILS_SHARED_H__ */