[NetworkManager-openvpn/bg/ipv6-invalid] helper: ignore IPv6 configuration without an address

From: Beniamino Galvani <bgalvani src gnome org>
To: commits-list gnome org
Cc:
Subject: [NetworkManager-openvpn/bg/ipv6-invalid] helper: ignore IPv6 configuration without an address
Date: Wed, 10 Feb 2021 11:08:11 +0000 (UTC)


commit 56bb08f2956e7e394b017344541e1b7ddf46f2b1
Author: Beniamino Galvani <bgalvani redhat com>
Date:   Wed Feb 10 12:01:37 2021 +0100

    helper: ignore IPv6 configuration without an address
    
    OpenVPN 2.5.0 started to pass incomplete IPv6 configurations when the
    server is not fully configured for IPv6 but has some IPv6
    directives. For example, it is enough to add 'push "route-ipv6 ::/0"'
    to a IPv4-only setup to trigger this behavior.
    
    As a result, NetworkManager rejects the configuration as invalid and
    the connection fails.
    
    Fix this by ignoring IPv6 configurations without an address.
    
    https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/64

 src/nm-openvpn-service-openvpn-helper.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
---
diff --git a/src/nm-openvpn-service-openvpn-helper.c b/src/nm-openvpn-service-openvpn-helper.c
index 1bcf517..d85906b 100644
--- a/src/nm-openvpn-service-openvpn-helper.c
+++ b/src/nm-openvpn-service-openvpn-helper.c
@@ -453,6 +453,7 @@ main (int argc, char *argv[])
        gboolean has_ip4_address = FALSE;
        gboolean has_ip6_address = FALSE;
        gchar *bus_name = NM_DBUS_SERVICE_OPENVPN;
+       gsize size;
 
 #if !GLIB_CHECK_VERSION (2, 35, 0)
        g_type_init ();
@@ -761,12 +762,15 @@ main (int argc, char *argv[])
 
        ip6config = g_variant_builder_end (&ip6builder);
 
-       if (g_variant_n_children (ip6config)) {
-               val = g_variant_new_boolean (TRUE);
-               g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_CONFIG_HAS_IP6, val);
-       } else {
+       size = g_variant_n_children (ip6config);
+       if (size == 0 || !has_ip6_address) {
+               if (size > 0)
+                       _LOGW ("Ignoring IPv6 configuration without an address");
                g_variant_unref (ip6config);
                ip6config = NULL;
+       } else {
+               val = g_variant_new_boolean (TRUE);
+               g_variant_builder_add (&builder, "{sv}", NM_VPN_PLUGIN_CONFIG_HAS_IP6, val);
        }
 
        if (!ip4config && !ip6config)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]