conf: Correct length checking of interface names in conf_ports()

When interface names are specified in forwarding specs, we need to check
the length of the given interface name against the limit of IFNAMSIZ - 1
(15) characters.  However, we managed to have 3 separate off-by-one errors
here meaning we only accepted interface names up to 12 characters.

1. At the point of the check 'ifname' was still on the '%' character, not
   the first character of the name, meaning we overestimated the length by
   one
2. At the point of the check 'spec' had been advanced one character past
   the '/' which terminates the interface name, meaning we overestimated
   the length by another one
3. We checked if the (miscalculated) length was >= IFNAMSIZ - 1, that is
   >= 15, whereas lengths equal to 15 should be accepted.

Correct all 3 errors.

Link: https://bugs.passt.top/show_bug.cgi?id=61
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2023-06-28 15:11:15 +10:00 committed by Stefano Brivio
parent c4017cc4a1
commit 4c98d3be80

11
conf.c
View file

@ -256,11 +256,16 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
goto bad; goto bad;
if ((ifname = strchr(buf, '%'))) { if ((ifname = strchr(buf, '%'))) {
if (spec - ifname >= IFNAMSIZ - 1)
goto bad;
*ifname = 0; *ifname = 0;
ifname++; ifname++;
/* spec is already advanced one past the '/',
* so the length of the given ifname is:
* (spec - ifname - 1)
*/
if (spec - ifname - 1 >= IFNAMSIZ)
goto bad;
} }
if (ifname == buf + 1) /* Interface without address */ if (ifname == buf + 1) /* Interface without address */