Fix potentional crash in malformed items import

Resolves: RHEL-119641 Resolves: RHEL-119653
2025-10-23 16:10:57 +02:00 · 2025-10-23 16:10:57 +02:00 · f037751b82
commit f037751b82
parent 267e23ef20
2 changed files with 66 additions and 2 deletions
--- a/0005-service-don-t-crash-with-malformed-connections.patch
+++ b/0005-service-don-t-crash-with-malformed-connections.patch
@ -0,0 +1,61 @@
+From 397096f85c155d18834e8f7b90b1ea439344cd32 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@riseup.net>
+Date: Thu, 23 Oct 2025 11:54:46 +0200
+Subject: [PATCH] service: don't crash with malformed connections
+
+If a connection is malformed, i.e. by having incorrect values, a crash
+(or something worse) could happen in _connect_common because we were
+assuming that the value returned from sanitize_setting_vpn() must be
+non-NULL. If the connection is malformed, it will be NULL.
+
+Fix it by gracefully handling this scenario.
+
+This is a RHEL-only patch, as this is fixed by a later commit that we
+didn't want to backport yet. When we rebase, this patch can be dropped.
+
+Fixes: 50d0fc5a265b ('Fix PSK authentication when leftid starts with `@`')
+---
+ src/nm-libreswan-service.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
+index 58ada03..a093547 100644
+--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
+@@ -1756,7 +1756,8 @@ _connect_common (NMVpnServicePlugin   *plugin,
+ {
+ 	NMLibreswanPlugin *self = NM_LIBRESWAN_PLUGIN (plugin);
+ 	NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (self);
+-	gs_unref_object NMSettingVpn *s_vpn = NULL;
+	NMSettingVpn *s_vpn;
+	gs_unref_object NMSettingVpn *s_vpn_sanitized = NULL;
+ 	const char *con_name = nm_connection_get_uuid (connection);
+ 	gs_free char *ipsec_banner = NULL;
+ 	gs_free char *ifupdown_script = NULL;
+@@ -1794,9 +1795,20 @@ _connect_common (NMVpnServicePlugin   *plugin,
+ 			return FALSE;
+ 	}
+ 
+-	s_vpn = sanitize_setting_vpn(nm_connection_get_setting_vpn (connection),
+-				     error);
+-	g_assert (s_vpn);
+	s_vpn = nm_connection_get_setting_vpn(connection);
+	if (!s_vpn) {
+		g_set_error_literal(error,
+		                    NM_VPN_PLUGIN_ERROR,
+		                    NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
+		                    _("Empty VPN setting."));
+		return FALSE;
+	}
+
+	s_vpn_sanitized = sanitize_setting_vpn(s_vpn, error);
+	if (!s_vpn_sanitized)
+		return FALSE;
+
+	s_vpn = s_vpn_sanitized;
+ 
+ 	g_object_get (self, NM_VPN_SERVICE_PLUGIN_DBUS_SERVICE_NAME, &bus_name, NULL);
+ 
+-- 
+2.51.0
+
--- a/NetworkManager-libreswan.spec
+++ b/NetworkManager-libreswan.spec
@ -15,7 +15,7 @@
 Summary:   NetworkManager VPN plug-in for IPsec VPN
 Name:      NetworkManager-libreswan
 Version:   1.2.27
-Release:   3%{?dist}
+Release:   4%{?dist}
 License:   GPL-2.0-or-later
 URL:       https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
 Source0:   https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz
@ -24,7 +24,7 @@ Patch0:    0001-Export-esp-option.patch
 Patch1:    0002-fix-psk-auth-when-leftid-starts-with-at.patch
 Patch2:    0003-import-export-nm-auto-defaults-no.patch
 Patch3:    0004-sanitize-before-exporting-RHEL-only.patch
-
+Patch4:    0005-service-don-t-crash-with-malformed-connections.patch
 BuildRequires: make
 BuildRequires: gcc
 BuildRequires: gtk3-devel
@ -128,6 +128,9 @@ mv %{buildroot}%{_sysconfdir}/dbus-1 %{buildroot}%{_datadir}/


 %changelog
+* Thu Oct 23 2025 Vladimír Beneš <vbenes@redhat.com> - 1.2.27-4
+- Fix potentional crash in malformed items import
+
 * Tue Oct 21 2025 Vladimír Beneš <vbenes@redhat.com> - 1.2.27-3
 - Fix a regression in nm-auto-defaults=yes