conf: Correct length checking of interface names in conf_ports()
When interface names are specified in forwarding specs, we need to check the length of the given interface name against the limit of IFNAMSIZ - 1 (15) characters. However, we managed to have 3 separate off-by-one errors here meaning we only accepted interface names up to 12 characters. 1. At the point of the check 'ifname' was still on the '%' character, not the first character of the name, meaning we overestimated the length by one 2. At the point of the check 'spec' had been advanced one character past the '/' which terminates the interface name, meaning we overestimated the length by another one 3. We checked if the (miscalculated) length was >= IFNAMSIZ - 1, that is >= 15, whereas lengths equal to 15 should be accepted. Correct all 3 errors. Link: https://bugs.passt.top/show_bug.cgi?id=61 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
c4017cc4a1
commit
4c98d3be80
1 changed files with 8 additions and 3 deletions
11
conf.c
11
conf.c
|
@ -256,11 +256,16 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
|
||||||
goto bad;
|
goto bad;
|
||||||
|
|
||||||
if ((ifname = strchr(buf, '%'))) {
|
if ((ifname = strchr(buf, '%'))) {
|
||||||
if (spec - ifname >= IFNAMSIZ - 1)
|
|
||||||
goto bad;
|
|
||||||
|
|
||||||
*ifname = 0;
|
*ifname = 0;
|
||||||
ifname++;
|
ifname++;
|
||||||
|
|
||||||
|
/* spec is already advanced one past the '/',
|
||||||
|
* so the length of the given ifname is:
|
||||||
|
* (spec - ifname - 1)
|
||||||
|
*/
|
||||||
|
if (spec - ifname - 1 >= IFNAMSIZ)
|
||||||
|
goto bad;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ifname == buf + 1) /* Interface without address */
|
if (ifname == buf + 1) /* Interface without address */
|
||||||
|
|
Loading…
Reference in a new issue