From 4c98d3be800de94776b1ebdb7834be805af41d2d Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 28 Jun 2023 15:11:15 +1000 Subject: conf: Correct length checking of interface names in conf_ports() When interface names are specified in forwarding specs, we need to check the length of the given interface name against the limit of IFNAMSIZ - 1 (15) characters. However, we managed to have 3 separate off-by-one errors here meaning we only accepted interface names up to 12 characters. 1. At the point of the check 'ifname' was still on the '%' character, not the first character of the name, meaning we overestimated the length by one 2. At the point of the check 'spec' had been advanced one character past the '/' which terminates the interface name, meaning we overestimated the length by another one 3. We checked if the (miscalculated) length was >= IFNAMSIZ - 1, that is >= 15, whereas lengths equal to 15 should be accepted. Correct all 3 errors. Link: https://bugs.passt.top/show_bug.cgi?id=61 Signed-off-by: David Gibson Signed-off-by: Stefano Brivio --- conf.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'conf.c') diff --git a/conf.c b/conf.c index 1906436..78eaf2d 100644 --- a/conf.c +++ b/conf.c @@ -256,11 +256,16 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, goto bad; if ((ifname = strchr(buf, '%'))) { - if (spec - ifname >= IFNAMSIZ - 1) - goto bad; - *ifname = 0; ifname++; + + /* spec is already advanced one past the '/', + * so the length of the given ifname is: + * (spec - ifname - 1) + */ + if (spec - ifname - 1 >= IFNAMSIZ) + goto bad; + } if (ifname == buf + 1) /* Interface without address */ -- cgit v1.2.3