conf: Correct length checking of interface names in conf_ports()

When interface names are specified in forwarding specs, we need to check
the length of the given interface name against the limit of IFNAMSIZ - 1
(15) characters.  However, we managed to have 3 separate off-by-one errors
here meaning we only accepted interface names up to 12 characters.

1. At the point of the check 'ifname' was still on the '%' character, not
   the first character of the name, meaning we overestimated the length by
   one
2. At the point of the check 'spec' had been advanced one character past
   the '/' which terminates the interface name, meaning we overestimated
   the length by another one
3. We checked if the (miscalculated) length was >= IFNAMSIZ - 1, that is
   >= 15, whereas lengths equal to 15 should be accepted.

Correct all 3 errors.

Link: https://bugs.passt.top/show_bug.cgi?id=61
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 8 insertions, 3 deletions

diff --git a/conf.c b/conf.c
index 1906436..78eaf2d 100644
--- a/conf.c
+++ b/conf.c
@@ -256,11 +256,16 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
 			goto bad;
 
 		if ((ifname = strchr(buf, '%'))) {
-			if (spec - ifname >= IFNAMSIZ - 1)
-				goto bad;
-
 			*ifname = 0;
 			ifname++;
+
+			/* spec is already advanced one past the '/',
+			 * so the length of the given ifname is:
+			 * (spec - ifname - 1)
+			 */
+			if (spec - ifname - 1 >= IFNAMSIZ)
+				goto bad;
+
 		}
 
 		if (ifname == buf + 1)		/* Interface without address */