55 lines
2.0 KiB
Diff
55 lines
2.0 KiB
Diff
From 15946667c771ba88d38f82cc467fd52d268e44bb Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@riseup.net>
|
|
Date: Tue, 21 Oct 2025 08:37:35 +0200
|
|
Subject: [PATCH] export: sanitize before exporting (RHEL only)
|
|
|
|
The commit referenced below moved the responsibility of sanitizing the
|
|
connection from nm_libreswan_get_ipsec_conf to its caller, but it forgot
|
|
to sanitize in export_to_file(). Fix it.
|
|
|
|
This is a RHEL-only patch, as this is fixed by a later commit that we
|
|
didn't want to backport yet. When we rebase, this patch can be dropped.
|
|
|
|
Fixes: 50d0fc5a265b ('Fix PSK authentication when leftid starts with `@`')
|
|
---
|
|
properties/nm-libreswan-editor-plugin.c | 16 ++++++++++++++--
|
|
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
|
|
index 2b455ba..7a75e09 100644
|
|
--- a/properties/nm-libreswan-editor-plugin.c
|
|
+++ b/properties/nm-libreswan-editor-plugin.c
|
|
@@ -91,6 +91,7 @@ export_to_file (NMVpnEditorPlugin *self,
|
|
GError **error)
|
|
{
|
|
NMSettingVpn *s_vpn;
|
|
+ gs_unref_object NMSettingVpn *s_vpn_sanitized = NULL;
|
|
gboolean openswan = FALSE;
|
|
gs_free_error GError *local = NULL;
|
|
gs_free char *ipsec_conf = NULL;
|
|
@@ -98,8 +99,19 @@ export_to_file (NMVpnEditorPlugin *self,
|
|
int version;
|
|
|
|
s_vpn = nm_connection_get_setting_vpn (connection);
|
|
- if (s_vpn)
|
|
- openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
|
|
+ if (!s_vpn) {
|
|
+ g_set_error_literal (error,
|
|
+ NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
|
|
+ _("Empty VPN setting."));
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ s_vpn_sanitized = sanitize_setting_vpn (s_vpn, error);
|
|
+ if (!s_vpn_sanitized)
|
|
+ return FALSE;
|
|
+
|
|
+ s_vpn = s_vpn_sanitized;
|
|
+ openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
|
|
|
|
nm_libreswan_detect_version (nm_libreswan_find_helper_bin ("ipsec", NULL),
|
|
&is_openswan, &version, NULL);
|
|
--
|
|
2.51.0
|
|
|