From 0bd46e9042970cdf82d2cc9dcf8d491f3237b408 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 Mar 2021 21:05:19 +0100
Subject: [PATCH 1/1] core: fix crash in nm_wildcard_match_check()

It's not entirely clear how to treat %NULL.
Clearly "match.interface-name=eth0" should not
match with an interface %NULL. But what about
"match.interface-name=!eth0"? It's now implemented
that negative matches still succeed against %NULL.
What about "match.interface-name=*"? That probably
should also match with %NULL. So we treat %NULL really
like "".

Against commit 11cd443448bc ('iwd: Don't call IWD methods when device
unmanaged'), we got this backtrace:

    #0  0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
    #1  0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
            p = 0x0
            res = <optimized out>
            orig_pattern = <optimized out>
            n = <optimized out>
            wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
            ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
            wpattern_malloc = 0x0
            wstring_malloc = 0x0
            wstring = <optimized out>
            alloca_used = 80
            __PRETTY_FUNCTION__ = "__fnmatch"
    #2  0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
            is_inverted = 0
            is_mandatory = 0
            match = <optimized out>
            p = 0x564486c43fa0 "pci-0000:03:00.0"
            has_optional = 0
            has_any_optional = 0
            i = <optimized out>
    #3  0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
            patterns = <optimized out>
            device_driver = 0x564486c76bd0 "veth"
            num_patterns = 1
            priv = 0x564486cbe0b0
            __func__ = "check_connection_compatible"
            device_iface = <optimized out>
            local = 0x564486c99a60
            conn_iface = 0x0
            klass = <optimized out>
            s_match = 0x564486c63df0 [NMSettingMatch]
    #4  0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
            self = 0x564486cbe590 [NMDeviceVeth]
            s_wired = <optimized out>

Fixes: 3ced486f4162 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')

https://bugzilla.redhat.com/show_bug.cgi?id=1942741
(cherry picked from commit 420784e342da4883f6debdfe10cde68507b10d27)
(cherry picked from commit eaba0b48458a34494d91dc85e6eb5bd7e2b9b2d0)
---
 src/core/nm-core-utils.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 9075c30dd0c5..eed8cd7ec157 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -1956,7 +1956,8 @@ nm_wildcard_match_check(const char *str, const char *const *patterns, guint num_
 
         _pattern_parse(patterns[i], &p, &is_inverted, &is_mandatory);
 
-        match = (fnmatch(p, str, 0) == 0);
+        match = (fnmatch(p, str ?: "", 0) == 0);
+
         if (is_inverted)
             match = !match;
 
-- 
2.30.2