colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libnm-core,core: accept uid/gid up to (2^32 - 2) for tun devices

Browse Source 
Linux UIDs/GIDs are 32-bit unsigned integer, with 4294967295 reserved
as undefined.

Before:
  # useradd -u 4294967294 -M testuser
  useradd warning: testuser's uid -2 outside of the UID_MIN 1000 and UID_MAX 60000 range.
  # nmcli connection add type tun ifname tun1 owner 4294967294 ipv4.method disabled ipv6.method disabled
  Error: Failed to add 'tun-tun1' connection: tun.owner: '4294967294': invalid user ID

After:
  # useradd -u 4294967294 -M testuser
  useradd warning: testuser's uid -2 outside of the UID_MIN 1000 and UID_MAX 60000 range.
  # nmcli connection add type tun ifname tun1 owner 4294967294 ipv4.method disabled ipv6.method disabled
  Connection 'tun-tun1' (5da24d19-1723-45d5-8e04-c976f7a251d0) successfully added.
  # ip -d link show tun1
  2421: tun1: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 500
      link/none  promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
      tun type tun pi off vnet_hdr off persist on user testuser ...
                                                 ^^^^^^^^^^^^^
Fixes: 1f30147a7a ('libnm-core: add NMSettingTun')
This commit is contained in:
Beniamino Galvani
2025-07-04 15:18:27 +02:00
parent 45ab9d96f1
commit 253800238e
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/core/devices/nm-device-tun.c
View File

@@ -242,12 +242,14 @@ create_and_realize(NMDevice *device,
g_return_val_if_reached(FALSE);
}
owner = _nm_utils_ascii_str_to_int64(nm_setting_tun_get_owner(s_tun), 10, 0, G_MAXINT32, -1);
owner =
_nm_utils_ascii_str_to_int64(nm_setting_tun_get_owner(s_tun), 10, 0, G_MAXUINT32 - 1, -1);
if (owner != -1) {
props.owner_valid = TRUE;
props.owner = owner;
}
group = _nm_utils_ascii_str_to_int64(nm_setting_tun_get_group(s_tun), 10, 0, G_MAXINT32, -1);
group =
_nm_utils_ascii_str_to_int64(nm_setting_tun_get_group(s_tun), 10, 0, G_MAXUINT32 - 1, -1);
if (group != -1) {
props.group_valid = TRUE;
props.group = group;
@@ -278,7 +280,7 @@ _same_og(const char *str, gboolean og_valid, guint32 og_num)
{
gint64 v;
v = _nm_utils_ascii_str_to_int64(str, 10, 0, G_MAXINT32, -1);
v = _nm_utils_ascii_str_to_int64(str, 10, 0, G_MAXUINT32 - 1, -1);
return (!og_valid && (v == (gint64) -1)) || (og_valid && (((guint32) v) == og_num));
}

4
src/libnm-core-impl/nm-setting-tun.c
View File

@@ -166,7 +166,7 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
}
if (priv->owner) {
if (_nm_utils_ascii_str_to_int64(priv->owner, 10, 0, G_MAXINT32, -1) == -1) {
if (_nm_utils_ascii_str_to_int64(priv->owner, 10, 0, G_MAXUINT32 - 1, -1) == -1) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
@@ -178,7 +178,7 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
}
if (priv->group) {
if (_nm_utils_ascii_str_to_int64(priv->group, 10, 0, G_MAXINT32, -1) == -1) {
if (_nm_utils_ascii_str_to_int64(priv->group, 10, 0, G_MAXUINT32 - 1, -1) == -1) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,