Bug 433780

Summary: Netconfig quotes INTERFACE argument twice and does not reject crap
Product: [openSUSE] openSUSE 11.1 Reporter: Marius Tomaschewski <mt>
Component: NetworkAssignee: Marius Tomaschewski <mt>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Critical    
Priority: P2 - High CC: jack.hodge, lnussel, mc, mt, radmanic
Version: Factory   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Proposed patch for netconfig
complete /etc/sysconfig/network/scripts/functions.netconfig
complete /sbin/netconfig

Description Marius Tomaschewski 2008-10-09 08:55:16 UTC 
+++ This bug was initially created as a clone of Bug #429772 +++

See attachment https://bugzilla.novell.com/attachment.cgi?id=244121

Here a find & cat on the data from the attachment showing the problem:
$ find var/
var/
var/run
var/run/netconfig
var/run/netconfig/air
var/run/netconfig/ppp0
var/run/netconfig/ppp0/netconfig0
var/run/netconfig/NetworkManager.netconfig
var/run/netconfig/'air'
var/run/netconfig/'cable'
var/run/netconfig/'cable'/netconfig0
var/run/netconfig/'cable'/netconfig1
                  ^^^^^^^

$ cat var/run/netconfig/\'cable\'/netconfig0 
SERVICE='dhclient'
INTERFACE='cable'
          ^^^^^^^
NISDOMAIN=''
NISSERVERS=''
CREATETIME='1223398933'

$ cat var/run/netconfig/\'cable\'/netconfig1
SERVICE='NetworkManager'
INTERFACE='cable'
CREATETIME='1223419459'

NetworkManager & "NM-dhclient" seem to quote arguments twice
   netconfig modify -i "'cable'"

There is no /sys/class/net/'cable' interface directory, so the
config provided this way will be never used.

That netconfig does not reject this, is also a bug.
Comment 1 Tambet Ingo 2008-10-09 11:14:09 UTC 
Thanks for catching this, I'll take care of it for beta3.
Comment 2 Tambet Ingo 2008-10-09 11:31:56 UTC 
Hmm, so how should the the variables look like in the netconfigX files? Just without quotes like this?

SERVICE=NetworkManager
INTERFACE=cable
CREATETIME=1223419459

How about values with spaces, like

DNSSERVERS=192.168.0.1 192.168.0.2

or with quotes?
Comment 3 Marius Tomaschewski 2008-10-13 07:48:11 UTC 
When you provide input via stdin to netconfig modify, use explicit single
quotes (the quote character ' is not allowed inside of the value an can't
be quoted) even when there are no spaces in the value.

The netconfig modify arguments without additional quotes around the value,
for example:

  SERVICE='NetworkManager'
  INTERFACE='eth0'
  DNSSERVERS='192.168.0.1 192.168.0.2'
  {
    echo "INTERFACE='$INTERFACE'
    echo "DNSSERVERS='$DNSSERVERS'"
  } | /sbin/netconfig modify -s "$SERVICE" -i "$INTERFACE"

or

  /sbin/netconfig modify -s "$SERVICE" -i "$INTERFACE" <<-EOF
  INTERFACE='$INTERFACE'
  DNSSERVERS='$DNSSERVERS'
  EOF

This means, the argruments have to contain the bare string values:

 ... argv[] = { "/sbin/netconfig", "-s", "NetworkManager",
                                   "-i", "eth0", NULL};

The expected input format is dhcpcd complatible key='value string';
see also the "dhcpcd -T eth0" output, e.g.:
  INTERFACE='eth0'
  DNSSERVERS='192.168.0.1 192.168.0.2'


I'm adding some code to netconfig rejecting invalid args & input.

The keys have to be compatible with shell identifiers + a single
quoted value:

/^[[:space:]]*[a-z_][a-z0-9_]*='[^']*'[[:space:]]*$/ && !/^[[:space:]]*_+=/

We don't allow unquoted values to go away a misinterpretation as
a bash reserved word, ... and keep it simple.
Comment 4 Tambet Ingo 2008-10-13 09:19:12 UTC 
Hmm, in that case, I don't see any bugs in NM at all, NM does always use a single quote (') around each value. This is a sample from NM log:

Spawning '/sbin/netconfig modify --service NetworkManager'
Writing to netconfig: INTERFACE='eth0'
Writing to netconfig: DNSSEARCH='lan'
Writing to netconfig: DNSSERVERS='192.168.0.3'

There's no shell involved, so these are the exact values netconfig gets. NM never uses "-i" command line argument, the interface is always passed over stdin.
Comment 5 Marius Tomaschewski 2008-10-13 14:13:42 UTC 
Created attachment 245167 [details]
Proposed patch for netconfig
Comment 6 Marius Tomaschewski 2008-10-13 14:24:35 UTC 
(In reply to comment #4 from Tambet Ingo)
> Hmm, in that case, I don't see any bugs in NM at all, NM does always use a
> single quote (') around each value. This is a sample from NM log:
> 
> Spawning '/sbin/netconfig modify --service NetworkManager'
> Writing to netconfig: INTERFACE='eth0'
> Writing to netconfig: DNSSEARCH='lan'
> Writing to netconfig: DNSSERVERS='192.168.0.3'
> 
> There's no shell involved, so these are the exact values netconfig gets. NM
> never uses "-i" command line argument, the interface is always passed over
> stdin.

Ah... I've found the bug. You're right - it didn't came via -i but via
stdin:
  if [ "x$val1" = "xINTERFACE" ]; then
   _INTERFACE="$val2"
  fi
The $val2 contained "'ethX'" at this time.... means it's my bug :-)

Anyway, the above patch should fix both possibilities in netconfig.
Going to submit all fixes to STABLE in few minutes...
Comment 7 Marius Tomaschewski 2008-10-13 14:25:50 UTC 
Created attachment 245171 [details]
complete /etc/sysconfig/network/scripts/functions.netconfig
Comment 8 Marius Tomaschewski 2008-10-13 14:27:58 UTC 
Created attachment 245173 [details]
complete /sbin/netconfig

Can you test if the files from attachment #245171 [details] +  this one work for you?
Comment 9 Marius Tomaschewski 2008-10-14 14:36:25 UTC 
Fix submitted to STABLE/Factory.
Comment 10 Michael Calmer 2008-10-21 09:21:23 UTC 
*** Bug 431322 has been marked as a duplicate of this bug. ***
Comment 11 Bernhard Wiedemann 2016-04-15 09:13:01 UTC 
This is an autogenerated message for OBS integration:
This bug (433780) was mentioned in
https://build.opensuse.org/request/show/2839 Factory / sysconfig