-rw-r--r-- | src/devices/nm-device.c | 1 | ||||
-rw-r--r-- | src/dhcp-manager/nm-dhcp-systemd.c | 3 | ||||
-rw-r--r-- | src/dhcp-manager/nm-dhcp-utils.c | 2 | ||||
-rw-r--r-- | src/dhcp-manager/tests/test-dhcp-utils.c | 2 | ||||
-rw-r--r-- | src/nm-iface-helper.c | 3 | ||||
-rw-r--r-- | src/nm-ip4-config.c | 11 | ||||
-rw-r--r-- | src/nm-ip4-config.h | 2 | ||||
-rw-r--r-- | src/nm-ip6-config.c | 11 | ||||
-rw-r--r-- | src/nm-ip6-config.h | 2 | ||||
-rw-r--r-- | src/nm-route-manager.c | 2 | ||||
-rw-r--r-- | src/platform/nm-fake-platform.c | 14 | ||||
-rw-r--r-- | src/platform/nm-linux-platform.c | 20 | ||||
-rw-r--r-- | src/platform/nm-platform.c | 22 | ||||
-rw-r--r-- | src/platform/nm-platform.h | 26 | ||||
-rw-r--r-- | src/platform/nmp-object.c | 4 | ||||
-rw-r--r-- | src/platform/nmp-object.h | 4 | ||||
-rw-r--r-- | src/platform/tests/test-route.c | 4 | ||||
-rw-r--r-- | src/vpn-manager/nm-vpn-connection.c | 12 |
18 files changed, 83 insertions, 62 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 10e9ffeacb..0a577e55f7 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -5745,6 +5745,7 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *self) if (discovered_route->plen > 0) { memset (&route, 0, sizeof (route)); route.network = discovered_route->network; + nm_assert (discovered_route->plen <= 128); route.plen = discovered_route->plen; route.gateway = discovered_route->gateway; route.source = NM_IP_CONFIG_SOURCE_RDISC; diff --git a/src/dhcp-manager/nm-dhcp-systemd.c b/src/dhcp-manager/nm-dhcp-systemd.c index 91fa880305..5d49c27e44 100644 --- a/src/dhcp-manager/nm-dhcp-systemd.c +++ b/src/dhcp-manager/nm-dhcp-systemd.c @@ -312,7 +312,8 @@ lease_to_ip4_config (const char *iface, continue; route.network = a.s_addr; - if (sd_dhcp_route_get_destination_prefix_length (routes[i], &plen) < 0) + if ( sd_dhcp_route_get_destination_prefix_length (routes[i], &plen) < 0 + || plen > 32) continue; route.plen = plen; diff --git a/src/dhcp-manager/nm-dhcp-utils.c b/src/dhcp-manager/nm-dhcp-utils.c index be563a6971..571b1c2213 100644 --- a/src/dhcp-manager/nm-dhcp-utils.c +++ b/src/dhcp-manager/nm-dhcp-utils.c @@ -60,7 +60,7 @@ ip4_process_dhcpcd_rfc3442_routes (const char *str, *slash = '\0'; errno = 0; rt_cidr = strtol (slash + 1, NULL, 10); - if ((errno == EINVAL) || (errno == ERANGE)) { + if (errno || rt_cidr > 32) { nm_log_warn (LOGD_DHCP4, "DHCP provided invalid classless static route cidr: '%s'", slash + 1); continue; } diff --git a/src/dhcp-manager/tests/test-dhcp-utils.c b/src/dhcp-manager/tests/test-dhcp-utils.c index 162f2dd4cd..f477c061fb 100644 --- a/src/dhcp-manager/tests/test-dhcp-utils.c +++ b/src/dhcp-manager/tests/test-dhcp-utils.c 
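Review bot: In the nm-device.c hunk (rdisc_config_changed) the new upper bound is only `nm_assert (discovered_route->plen <= 128);`, while the nm-iface-helper.c hunk of this same commit enforces the limit at run time. The prefix length here comes from router discovery, so from the network; if nm_assert is compiled out in regular builds (its definition is not on this page), an oversized value is copied into `route.plen` and is caught, if at all, only by later checks. I would extend the existing condition to `if (discovered_route->plen > 0 && discovered_route->plen <= 128) {` so both consumers treat the same input the same way. The enclosing block starts and ends outside the hunk.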
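Review bot: In the nm-dhcp-utils.c hunk (ip4_process_dhcpcd_rfc3442_routes) the new test `errno || rt_cidr > 32` still lets a negative or non-numeric prefix through. strtol() returns a negative value for input such as "-1" without setting errno, and with a NULL end pointer a string with no digits yields 0 without errno being reliably set. Assuming rt_cidr is a signed type (its declaration is outside the hunk), a negative value would then be narrowed into the now 8-bit `plen`. Since the string is supplied by the DHCP server, I would parse with a `char *end` and reject with `if (errno || end == slash + 1 || rt_cidr < 0 || rt_cidr > 32) {`. The function body continues outside the hunk.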
@@ -208,6 +208,8 @@ ip4_test_route (NMIP4Config *ip4_config, const NMPlatformIP4Route *route; guint32 tmp; + g_assert (expected_prefix <= 32); + route = nm_ip4_config_get_route (ip4_config, route_num); g_assert (inet_pton (AF_INET, expected_dest, &tmp) > 0); g_assert (route->network == tmp); diff --git a/src/nm-iface-helper.c b/src/nm-iface-helper.c index 5a697537c1..20f7729a43 100644 --- a/src/nm-iface-helper.c +++ b/src/nm-iface-helper.c @@ -213,7 +213,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, gpointer user_da * local configuration or user preferences are, so sending routes * with a prefix length of 0 is quite rude and thus ignored. */ - if (discovered_route->plen > 0) { + if ( discovered_route->plen > 0 + && discovered_route->plen <= 128) { memset (&route, 0, sizeof (route)); route.network = discovered_route->network; route.plen = discovered_route->plen; diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c index 4b27edf74b..78c3f94f4f 100644 --- a/src/nm-ip4-config.c +++ b/src/nm-ip4-config.c @@ -486,7 +486,12 @@ nm_ip4_config_merge_setting (NMIP4Config *config, NMSettingIPConfig *setting, gu memset (&route, 0, sizeof (route)); nm_ip_route_get_dest_binary (s_route, &route.network); + route.plen = nm_ip_route_get_prefix (s_route); + nm_assert (route.plen <= 32); + if (route.plen == 0) + continue; + nm_ip_route_get_next_hop_binary (s_route, &route.gateway); if (nm_ip_route_get_metric (s_route) == -1) route.metric = default_route_metric; @@ -494,8 +499,6 @@ nm_ip4_config_merge_setting (NMIP4Config *config, NMSettingIPConfig *setting, gu route.metric = nm_ip_route_get_metric (s_route); route.source = NM_IP_CONFIG_SOURCE_USER; - g_assert (route.plen > 0); - nm_ip4_config_add_route (config, &route); } 
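Review bot: In nm_ip4_config_merge_setting the bound is tested only after the value has been stored, via `route.plen = nm_ip_route_get_prefix (s_route);` followed by `nm_assert (route.plen <= 32);`. This commit makes `plen` a guint8 (nm-platform.h hunk), so if the getter returns a wider integer (its prototype is not visible here) a value above 255 is truncated before the assertion sees it, and the assertion is a debug aid rather than a run-time check. Reading into a local first, `guint prefix = nm_ip_route_get_prefix (s_route);` then `if (prefix == 0 || prefix > 32) continue;`, keeps the test on the untruncated value. Note also the behaviour change: a zero prefix used to hit `g_assert (route.plen > 0)` and is now skipped without a log line. The nm-ip6-config.c hunk for nm_ip6_config_merge_setting has the same pattern with 128.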
@@ -1328,7 +1331,7 @@ nm_ip4_config_dump (const NMIP4Config *config, const char *detail) } gboolean -nm_ip4_config_destination_is_direct (const NMIP4Config *config, guint32 network, int plen) +nm_ip4_config_destination_is_direct (const NMIP4Config *config, guint32 network, guint8 plen) { guint naddresses = nm_ip4_config_get_num_addresses (config); int i; @@ -1567,7 +1570,7 @@ nm_ip4_config_add_route (NMIP4Config *config, const NMPlatformIP4Route *new) int i; g_return_if_fail (new != NULL); - g_return_if_fail (new->plen > 0); + g_return_if_fail (new->plen > 0 && new->plen <= 32); g_assert (priv->ifindex); for (i = 0; i < priv->routes->len; i++ ) { diff --git a/src/nm-ip4-config.h b/src/nm-ip4-config.h index 02bc8b07f1..b1a5768740 100644 --- a/src/nm-ip4-config.h +++ b/src/nm-ip4-config.h @@ -79,7 +79,7 @@ void nm_ip4_config_merge (NMIP4Config *dst, const NMIP4Config *src, NMIPConfigMe void nm_ip4_config_subtract (NMIP4Config *dst, const NMIP4Config *src); void nm_ip4_config_intersect (NMIP4Config *dst, const NMIP4Config *src); gboolean nm_ip4_config_replace (NMIP4Config *dst, const NMIP4Config *src, gboolean *relevant_changes); -gboolean nm_ip4_config_destination_is_direct (const NMIP4Config *config, guint32 dest, int plen); +gboolean nm_ip4_config_destination_is_direct (const NMIP4Config *config, guint32 dest, guint8 plen); void nm_ip4_config_dump (const NMIP4Config *config, const char *detail); /* Gateways */ diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c index 102aeab5fa..ab0b67d842 100644 --- a/src/nm-ip6-config.c +++ b/src/nm-ip6-config.c 
@@ -470,7 +470,12 @@ nm_ip6_config_merge_setting (NMIP6Config *config, NMSettingIPConfig *setting, gu memset (&route, 0, sizeof (route)); nm_ip_route_get_dest_binary (s_route, &route.network); + route.plen = nm_ip_route_get_prefix (s_route); + nm_assert (route.plen <= 128); + if (route.plen == 0) + continue; + nm_ip_route_get_next_hop_binary (s_route, &route.gateway); if (nm_ip_route_get_metric (s_route) == -1) route.metric = default_route_metric; @@ -478,8 +483,6 @@ nm_ip6_config_merge_setting (NMIP6Config *config, NMSettingIPConfig *setting, gu route.metric = nm_ip_route_get_metric (s_route); route.source = NM_IP_CONFIG_SOURCE_USER; - g_assert (route.plen > 0); - nm_ip6_config_add_route (config, &route); } @@ -690,7 +693,7 @@ nm_ip6_config_merge (NMIP6Config *dst, const NMIP6Config *src, NMIPConfigMergeFl } gboolean -nm_ip6_config_destination_is_direct (const NMIP6Config *config, const struct in6_addr *network, int plen) +nm_ip6_config_destination_is_direct (const NMIP6Config *config, const struct in6_addr *network, guint8 plen) { int num = nm_ip6_config_get_num_addresses (config); int i; @@ -1401,7 +1404,7 @@ nm_ip6_config_add_route (NMIP6Config *config, const NMPlatformIP6Route *new) int i; g_return_if_fail (new != NULL); - g_return_if_fail (new->plen > 0); + g_return_if_fail (new->plen > 0 && new->plen <= 128); g_assert (priv->ifindex); for (i = 0; i < priv->routes->len; i++ ) { diff --git a/src/nm-ip6-config.h b/src/nm-ip6-config.h index 5ca64ac372..5e66d500e4 100644 --- a/src/nm-ip6-config.h +++ b/src/nm-ip6-config.h 
@@ -81,7 +81,7 @@ void nm_ip6_config_merge (NMIP6Config *dst, const NMIP6Config *src, NMIPConfigMe void nm_ip6_config_subtract (NMIP6Config *dst, const NMIP6Config *src); void nm_ip6_config_intersect (NMIP6Config *dst, const NMIP6Config *src); gboolean nm_ip6_config_replace (NMIP6Config *dst, const NMIP6Config *src, gboolean *relevant_changes); -int nm_ip6_config_destination_is_direct (const NMIP6Config *config, const struct in6_addr *dest, int plen); +int nm_ip6_config_destination_is_direct (const NMIP6Config *config, const struct in6_addr *dest, guint8 plen); void nm_ip6_config_dump (const NMIP6Config *config, const char *detail); /* Gateways */ diff --git a/src/nm-route-manager.c b/src/nm-route-manager.c index 3cf241186b..05e28c7426 100644 --- a/src/nm-route-manager.c +++ b/src/nm-route-manager.c @@ -221,7 +221,7 @@ _v6_route_dest_cmp (const NMPlatformIP6Route *r1, const NMPlatformIP6Route *r2) CMP_AND_RETURN_INT (r1->plen, r2->plen); nm_utils_ip6_address_clear_host_address (&n1, &r1->network, r1->plen); - nm_utils_ip6_address_clear_host_address (&n2, &r2->network, r2->plen); + nm_utils_ip6_address_clear_host_address (&n2, &r2->network, r2->plen ); return memcmp (&n1, &n2, sizeof (n1)); } diff --git a/src/platform/nm-fake-platform.c b/src/platform/nm-fake-platform.c index fdb11eac56..fc3875c724 100644 --- a/src/platform/nm-fake-platform.c +++ b/src/platform/nm-fake-platform.c @@ -1129,7 +1129,7 @@ ip6_route_get_all (NMPlatform *platform, int ifindex, NMPlatformGetRouteFlags fl } static gboolean -ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, int plen, guint32 metric) +ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); int i; 
@@ -1153,7 +1153,7 @@ ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, int plen } static gboolean -ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, int plen, guint32 metric) +ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); int i; @@ -1180,7 +1180,7 @@ ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, in static gboolean ip4_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, - in_addr_t network, int plen, in_addr_t gateway, + in_addr_t network, guint8 plen, in_addr_t gateway, in_addr_t pref_src, guint32 metric, guint32 mss) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); @@ -1188,6 +1188,8 @@ ip4_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, guint i; guint8 scope; + g_assert (plen <= 32); + scope = gateway == 0 ? RT_SCOPE_LINK : RT_SCOPE_UNIVERSE; memset (&route, 0, sizeof (route)); @@ -1247,7 +1249,7 @@ ip4_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, static gboolean ip6_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, - struct in6_addr network, int plen, struct in6_addr gateway, + struct in6_addr network, guint8 plen, struct in6_addr gateway, guint32 metric, guint32 mss) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); @@ -1313,7 +1315,7 @@ ip6_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, } static const NMPlatformIP4Route * -ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, int plen, guint32 metric) +ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); int i; 
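Review bot: The fake platform's ip4_route_add gains `g_assert (plen <= 32);`, but the ip6_route_add hunk right after it only changes the signature. Adding `g_assert (plen <= 128);` at the top of ip6_route_add would keep the test backend equally strict for both address families, so a test that feeds an out-of-range IPv6 prefix fails here rather than passing silently. Both function bodies continue outside their hunks.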
@@ -1332,7 +1334,7 @@ ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, int plen, g } static const NMPlatformIP6Route * -ip6_route_get (NMPlatform *platform, int ifindex, struct in6_addr network, int plen, guint32 metric) +ip6_route_get (NMPlatform *platform, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { NMFakePlatformPrivate *priv = NM_FAKE_PLATFORM_GET_PRIVATE (platform); int i; diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c index 3282e698ce..e8d75c0837 100644 --- a/src/platform/nm-linux-platform.c +++ b/src/platform/nm-linux-platform.c @@ -330,9 +330,8 @@ _nm_ip_config_source_from_rtprot (guint rtprot) } static void -clear_host_address (int family, const void *network, int plen, void *dst) +clear_host_address (int family, const void *network, guint8 plen, void *dst) { - g_return_if_fail (plen == (guint8)plen); g_return_if_fail (network); switch (family) { @@ -1779,6 +1778,9 @@ _new_from_nl_route (struct nlmsghdr *nlh, gboolean id_only) ? sizeof (in_addr_t) : sizeof (struct in6_addr); + if (rtm->rtm_dst_len > (is_v4 ? 32 : 128)) + goto errout; + /***************************************************************** * parse nexthops. Only handle routes with one nh. *****************************************************************/ @@ -2255,7 +2257,7 @@ _nl_msg_new_route (int nlmsg_type, NMIPConfigSource source, unsigned char scope, gconstpointer network, - int plen, + guint8 plen, gconstpointer gateway, guint32 metric, guint32 mss, @@ -5454,7 +5456,7 @@ ip6_route_get_all (NMPlatform *platform, int ifindex, NMPlatformGetRouteFlags fl static gboolean ip4_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, - in_addr_t network, int plen, in_addr_t gateway, + in_addr_t network, guint8 plen, in_addr_t gateway, in_addr_t pref_src, guint32 metric, guint32 mss) { NMPObject obj_id; 
@@ -5479,7 +5481,7 @@ ip4_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, static gboolean ip6_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, - struct in6_addr network, int plen, struct in6_addr gateway, + struct in6_addr network, guint8 plen, struct in6_addr gateway, guint32 metric, guint32 mss) { NMPObject obj_id; @@ -5503,7 +5505,7 @@ ip6_route_add (NMPlatform *platform, int ifindex, NMIPConfigSource source, } static gboolean -ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, int plen, guint32 metric) +ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { NMLinuxPlatformPrivate *priv = NM_LINUX_PLATFORM_GET_PRIVATE (platform); nm_auto_nlmsg struct nl_msg *nlmsg = NULL; @@ -5559,7 +5561,7 @@ ip4_route_delete (NMPlatform *platform, int ifindex, in_addr_t network, int plen } static gboolean -ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, int plen, guint32 metric) +ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { nm_auto_nlmsg struct nl_msg *nlmsg = NULL; NMPObject obj_id; @@ -5587,7 +5589,7 @@ ip6_route_delete (NMPlatform *platform, int ifindex, struct in6_addr network, in } static const NMPlatformIP4Route * -ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, int plen, guint32 metric) +ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { NMPObject obj_id; const NMPObject *obj; @@ -5600,7 +5602,7 @@ ip4_route_get (NMPlatform *platform, int ifindex, in_addr_t network, int plen, g } static const NMPlatformIP6Route * -ip6_route_get (NMPlatform *platform, int ifindex, struct in6_addr network, int plen, guint32 metric) +ip6_route_get (NMPlatform *platform, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { NMPObject obj_id; const NMPObject *obj; 
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c index 5a399b316a..744363b123 100644 --- a/src/platform/nm-platform.c +++ b/src/platform/nm-platform.c @@ -2854,13 +2854,13 @@ nm_platform_ip6_route_get_all (NMPlatform *self, int ifindex, NMPlatformGetRoute gboolean nm_platform_ip4_route_add (NMPlatform *self, int ifindex, NMIPConfigSource source, - in_addr_t network, int plen, + in_addr_t network, guint8 plen, in_addr_t gateway, in_addr_t pref_src, guint32 metric, guint32 mss) { _CHECK_SELF (self, klass, FALSE); - g_return_val_if_fail (0 <= plen && plen <= 32, FALSE); + g_return_val_if_fail (plen <= 32, FALSE); if (_LOGD_ENABLED ()) { NMPlatformIP4Route route = { 0 }; @@ -2882,12 +2882,12 @@ nm_platform_ip4_route_add (NMPlatform *self, gboolean nm_platform_ip6_route_add (NMPlatform *self, int ifindex, NMIPConfigSource source, - struct in6_addr network, int plen, struct in6_addr gateway, + struct in6_addr network, guint8 plen, struct in6_addr gateway, guint32 metric, guint32 mss) { _CHECK_SELF (self, klass, FALSE); - g_return_val_if_fail (0 <= plen && plen <= 128, FALSE); + g_return_val_if_fail (plen <= 128, FALSE); if (_LOGD_ENABLED ()) { NMPlatformIP6Route route = { 0 }; @@ -2906,7 +2906,7 @@ nm_platform_ip6_route_add (NMPlatform *self, } gboolean -nm_platform_ip4_route_delete (NMPlatform *self, int ifindex, in_addr_t network, int plen, guint32 metric) +nm_platform_ip4_route_delete (NMPlatform *self, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { char str_dev[TO_STRING_DEV_BUF_SIZE]; @@ -2919,7 +2919,7 @@ nm_platform_ip4_route_delete (NMPlatform *self, int ifindex, in_addr_t network, } gboolean -nm_platform_ip6_route_delete (NMPlatform *self, int ifindex, struct in6_addr network, int plen, guint32 metric) +nm_platform_ip6_route_delete (NMPlatform *self, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { char str_dev[TO_STRING_DEV_BUF_SIZE]; 
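Review bot: With `plen` narrowed to guint8, `g_return_val_if_fail (plen <= 32, FALSE);` in nm_platform_ip4_route_add (and `plen <= 128` in nm_platform_ip6_route_add) now tests the value only after the implicit conversion at the call site. A caller that still holds the prefix in an int or guint32 and passes, say, 280 would arrive here as 24 and be accepted, where the old `0 <= plen && plen <= 32` rejected it; the compiler does not diagnose that narrowing unless -Wconversion is enabled. I would state the contract in a comment above both functions, `/* plen is truncated to 8 bits by the prototype; callers must range-check the source value before the call */`, and audit the call sites this commit does not touch.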
@@ -2932,7 +2932,7 @@ nm_platform_ip6_route_delete (NMPlatform *self, int ifindex, struct in6_addr net } const NMPlatformIP4Route * -nm_platform_ip4_route_get (NMPlatform *self, int ifindex, in_addr_t network, int plen, guint32 metric) +nm_platform_ip4_route_get (NMPlatform *self, int ifindex, in_addr_t network, guint8 plen, guint32 metric) { _CHECK_SELF (self, klass, FALSE); @@ -2940,7 +2940,7 @@ nm_platform_ip4_route_get (NMPlatform *self, int ifindex, in_addr_t network, int } const NMPlatformIP6Route * -nm_platform_ip6_route_get (NMPlatform *self, int ifindex, struct in6_addr network, int plen, guint32 metric) +nm_platform_ip6_route_get (NMPlatform *self, int ifindex, struct in6_addr network, guint8 plen, guint32 metric) { _CHECK_SELF (self, klass, FALSE); @@ -3631,7 +3631,8 @@ nm_platform_ip4_route_to_string (const NMPlatformIP4Route *route, char *buf, gsi "%s%s" /* scope */ "%s%s" /* pref-src */ "", - s_network, route->plen, + s_network, + route->plen, s_gateway, str_dev, route->metric, @@ -3678,7 +3679,8 @@ nm_platform_ip6_route_to_string (const NMPlatformIP6Route *route, char *buf, gsi " mss %"G_GUINT32_FORMAT " src %s" /* source */ "", - s_network, route->plen, + s_network, + route->plen, s_gateway, str_dev, route->metric, diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h index 15bd2fdeef..fbfa470174 100644 --- a/src/platform/nm-platform.h +++ b/src/platform/nm-platform.h @@ -302,7 +302,7 @@ typedef union { #define __NMPlatformIPRoute_COMMON \ __NMPlatformObject_COMMON; \ NMIPConfigSource source; \ - int plen; \ + guint8 plen; \ guint32 metric; \ guint32 mss; \ ; 
@@ -615,15 +615,15 @@ typedef struct { GArray * (*ip4_route_get_all) (NMPlatform *, int ifindex, NMPlatformGetRouteFlags flags); GArray * (*ip6_route_get_all) (NMPlatform *, int ifindex, NMPlatformGetRouteFlags flags); gboolean (*ip4_route_add) (NMPlatform *, int ifindex, NMIPConfigSource source, - in_addr_t network, int plen, in_addr_t gateway, + in_addr_t network, guint8 plen, in_addr_t gateway, in_addr_t pref_src, guint32 metric, guint32 mss); gboolean (*ip6_route_add) (NMPlatform *, int ifindex, NMIPConfigSource source, - struct in6_addr network, int plen, struct in6_addr gateway, + struct in6_addr network, guint8 plen, struct in6_addr gateway, guint32 metric, guint32 mss); - gboolean (*ip4_route_delete) (NMPlatform *, int ifindex, in_addr_t network, int plen, guint32 metric); - gboolean (*ip6_route_delete) (NMPlatform *, int ifindex, struct in6_addr network, int plen, guint32 metric); - const NMPlatformIP4Route *(*ip4_route_get) (NMPlatform *, int ifindex, in_addr_t network, int plen, guint32 metric); - const NMPlatformIP6Route *(*ip6_route_get) (NMPlatform *, int ifindex, struct in6_addr network, int plen, guint32 metric); + gboolean (*ip4_route_delete) (NMPlatform *, int ifindex, in_addr_t network, guint8 plen, guint32 metric); + gboolean (*ip6_route_delete) (NMPlatform *, int ifindex, struct in6_addr network, guint8 plen, guint32 metric); + const NMPlatformIP4Route *(*ip4_route_get) (NMPlatform *, int ifindex, in_addr_t network, guint8 plen, guint32 metric); + const NMPlatformIP6Route *(*ip6_route_get) (NMPlatform *, int ifindex, struct in6_addr network, guint8 plen, guint32 metric); gboolean (*check_support_kernel_extended_ifa_flags) (NMPlatform *); gboolean (*check_support_user_ipv6ll) (NMPlatform *); 
@@ -888,18 +888,18 @@ gboolean nm_platform_ip4_address_sync (NMPlatform *self, int ifindex, const GArr gboolean nm_platform_ip6_address_sync (NMPlatform *self, int ifindex, const GArray *known_addresses, gboolean keep_link_local); gboolean nm_platform_address_flush (NMPlatform *self, int ifindex); -const NMPlatformIP4Route *nm_platform_ip4_route_get (NMPlatform *self, int ifindex, in_addr_t network, int plen, guint32 metric); -const NMPlatformIP6Route *nm_platform_ip6_route_get (NMPlatform *self, int ifindex, struct in6_addr network, int plen, guint32 metric); +const NMPlatformIP4Route *nm_platform_ip4_route_get (NMPlatform *self, int ifindex, in_addr_t network, guint8 plen, guint32 metric); +const NMPlatformIP6Route *nm_platform_ip6_route_get (NMPlatform *self, int ifindex, struct in6_addr network, guint8 plen, guint32 metric); GArray *nm_platform_ip4_route_get_all (NMPlatform *self, int ifindex, NMPlatformGetRouteFlags flags); GArray *nm_platform_ip6_route_get_all (NMPlatform *self, int ifindex, NMPlatformGetRouteFlags flags); gboolean nm_platform_ip4_route_add (NMPlatform *self, int ifindex, NMIPConfigSource source, - in_addr_t network, int plen, in_addr_t gateway, + in_addr_t network, guint8 plen, in_addr_t gateway, in_addr_t pref_src, guint32 metric, guint32 mss); gboolean nm_platform_ip6_route_add (NMPlatform *self, int ifindex, NMIPConfigSource source, - struct in6_addr network, int plen, struct in6_addr gateway, + struct in6_addr network, guint8 plen, struct in6_addr gateway, guint32 metric, guint32 mss); -gboolean nm_platform_ip4_route_delete (NMPlatform *self, int ifindex, in_addr_t network, int plen, guint32 metric); -gboolean nm_platform_ip6_route_delete (NMPlatform *self, int ifindex, struct in6_addr network, int plen, guint32 metric); +gboolean nm_platform_ip4_route_delete (NMPlatform *self, int ifindex, in_addr_t network, guint8 plen, guint32 metric); +gboolean nm_platform_ip6_route_delete (NMPlatform *self, int ifindex, struct in6_addr network, 
guint8 plen, guint32 metric); const char *nm_platform_link_to_string (const NMPlatformLink *link, char *buf, gsize len); const char *nm_platform_lnk_gre_to_string (const NMPlatformLnkGre *lnk, char *buf, gsize len); diff --git a/src/platform/nmp-object.c b/src/platform/nmp-object.c index 740ed8d102..fcd4894487 100644 --- a/src/platform/nmp-object.c +++ b/src/platform/nmp-object.c @@ -377,7 +377,7 @@ _vt_cmd_obj_stackinit_id_ip6_address (NMPObject *obj, const NMPObject *src) } const NMPObject * -nmp_object_stackinit_id_ip4_route (NMPObject *obj, int ifindex, guint32 network, int plen, guint32 metric) +nmp_object_stackinit_id_ip4_route (NMPObject *obj, int ifindex, guint32 network, guint8 plen, guint32 metric) { nmp_object_stackinit (obj, NMP_OBJECT_TYPE_IP4_ROUTE, NULL); obj->ip4_route.ifindex = ifindex; @@ -394,7 +394,7 @@ _vt_cmd_obj_stackinit_id_ip4_route (NMPObject *obj, const NMPObject *src) } const NMPObject * -nmp_object_stackinit_id_ip6_route (NMPObject *obj, int ifindex, const struct in6_addr *network, int plen, guint32 metric) +nmp_object_stackinit_id_ip6_route (NMPObject *obj, int ifindex, const struct in6_addr *network, guint8 plen, guint32 metric) { nmp_object_stackinit (obj, NMP_OBJECT_TYPE_IP6_ROUTE, NULL); obj->ip6_route.ifindex = ifindex; diff --git a/src/platform/nmp-object.h b/src/platform/nmp-object.h index 253c453ab3..71e6e876ad 100644 --- a/src/platform/nmp-object.h +++ b/src/platform/nmp-object.h 
@@ -347,8 +347,8 @@ const NMPObject *nmp_object_stackinit_id (NMPObject *obj, const NMPObject *src) const NMPObject *nmp_object_stackinit_id_link (NMPObject *obj, int ifindex); const NMPObject *nmp_object_stackinit_id_ip4_address (NMPObject *obj, int ifindex, guint32 address, int plen, guint32 peer_address); const NMPObject *nmp_object_stackinit_id_ip6_address (NMPObject *obj, int ifindex, const struct in6_addr *address, int plen); -const NMPObject *nmp_object_stackinit_id_ip4_route (NMPObject *obj, int ifindex, guint32 network, int plen, guint32 metric); -const NMPObject *nmp_object_stackinit_id_ip6_route (NMPObject *obj, int ifindex, const struct in6_addr *network, int plen, guint32 metric); +const NMPObject *nmp_object_stackinit_id_ip4_route (NMPObject *obj, int ifindex, guint32 network, guint8 plen, guint32 metric); +const NMPObject *nmp_object_stackinit_id_ip6_route (NMPObject *obj, int ifindex, const struct in6_addr *network, guint8 plen, guint32 metric); const char *nmp_object_to_string (const NMPObject *obj, NMPObjectToStringMode to_string_mode, char *buf, gsize buf_size); int nmp_object_cmp (const NMPObject *obj1, const NMPObject *obj2); diff --git a/src/platform/tests/test-route.c b/src/platform/tests/test-route.c index 85851854ea..09ffbb6899 100644 --- a/src/platform/tests/test-route.c +++ b/src/platform/tests/test-route.c @@ -142,7 +142,7 @@ test_ip4_route (void) GArray *routes; NMPlatformIP4Route rts[3]; in_addr_t network; - int plen = 24; + guint8 plen = 24; in_addr_t gateway; /* Choose a high metric so that we hopefully don't conflict. */ int metric = 22986; @@ -229,7 +229,7 @@ test_ip6_route (void) GArray *routes; NMPlatformIP6Route rts[3]; struct in6_addr network; - int plen = 64; + guint8 plen = 64; struct in6_addr gateway; /* Choose a high metric so that we hopefully don't conflict. */ int metric = 22987; diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c index cbc7c69d34..7efcc7829b 100644 
--- a/src/vpn-manager/nm-vpn-connection.c +++ b/src/vpn-manager/nm-vpn-connection.c @@ -1439,6 +1439,9 @@ nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict) route.metric = route_metric; route.source = NM_IP_CONFIG_SOURCE_VPN; + if (route.plen > 32) + break; + /* Ignore host routes to the VPN gateway since NM adds one itself * below. Since NM knows more about the routing situation than * the VPN server, we want to use the NM created route instead of @@ -1448,7 +1451,7 @@ nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict) nm_ip4_config_add_route (config, &route); break; default: - _LOGW ("VPN connection: received invalid IPv4 route"); + break; } g_variant_unref (v); } @@ -1565,10 +1568,11 @@ nm_vpn_connection_ip6_config_get (NMVpnConnection *self, GVariant *dict) memset (&route, 0, sizeof (route)); - if (!ip6_addr_from_variant (dest, &route.network)) { - _LOGW ("VPN connection: received invalid IPv6 dest address"); + if (!ip6_addr_from_variant (dest, &route.network)) + goto next; + + if (prefix > 128) goto next; - } route.plen = prefix; ip6_addr_from_variant (next_hop, &route.gateway); |
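Review bot: The nm-vpn-connection.c hunks delete both `_LOGW` calls, so a route with a malformed address or an out-of-range prefix received from the VPN plugin is now dropped without any trace in the log. That data comes from the remote side of the tunnel, and a silently ignored route is hard to diagnose or alert on. I would keep `_LOGW ("VPN connection: received invalid IPv4 route");` in the `default:` branch and add an equivalent warning before each new `break;` / `goto next;`. In the IPv4 hunk the new test `route.plen > 32` runs on the already stored guint8 field; if the assignment (outside the hunk) narrows a wider integer, test the source value first, as the IPv6 hunk does with `prefix > 128`.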