From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 5D0815A0275
	for <passt-dev@passt.top>; Wed, 28 Jun 2023 07:11:24 +0200 (CEST)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4QrV6Z3rdDz4wvv; Wed, 28 Jun 2023 15:11:18 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1687929078;
	bh=8UT6ZAAZye2N9BwwxS9fw7cvhbSBnWjXaxRDNADX6lc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=bkPCohHi/0oONNbz5w7IRHazMT1MJ7Os3RYTJlsrNKki5yavedl35sAeotP29LMPJ
	 p3pB2m6ptLqFmobL3cgDH32fQZpMXtsM3dvwF4LqVIzI8nHKIc1yRA0JrGHHF7o/TK
	 j4N1Oy0LmjPYfPWdNCjkI8D1vZWFJCtgujydI11I=
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH 1/2] conf: Fix size checking of -I interface name
Date: Wed, 28 Jun 2023 15:11:14 +1000
Message-ID: <20230628051115.3692777-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230628051115.3692777-1-david@gibson.dropbear.id.au>
References: <20230628051115.3692777-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: S4NOQ2N557RRCNXOKCEW3GDG7VGEMOUC
X-Message-ID-Hash: S4NOQ2N557RRCNXOKCEW3GDG7VGEMOUC
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20230628051115.3692777-2-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/S4NOQ2N557RRCNXOKCEW3GDG7VGEMOUC/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Network interface names must fit in a buffer of IFNAMSIZ bytes, including
the terminating \0.  IFNAMSIZ is 16 on Linux, so interface names can be
up to (and including) 15 characters long.

We validate this for the -I option, but we have an off by one error.  We
pass (IFNAMSIZ - 1) as the buffer size to snprintf(), but that buffer size
already includes the terminating \0, so this actually truncates the value
to 14 characters.  The return value returned from snprintf() however, is
the number of characters that would have been printed *excluding* the
terminating \0, so by comparing it >= IFNAMSIZ - 1 we are giving an error
on names >= 15 characters rather than strictly > 15 characters.

Bugzila: https://bugs.passt.top/show_bug.cgi?id=61

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 conf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf.c b/conf.c
index 68487a41..19064368 100644
--- a/conf.c
+++ b/conf.c
@@ -1439,9 +1439,9 @@ void conf(struct ctx *c, int argc, char **argv)
 			if (*c->pasta_ifn)
 				die("Multiple --ns-ifname options given");
 
-			ret = snprintf(c->pasta_ifn, IFNAMSIZ - 1, "%s",
+			ret = snprintf(c->pasta_ifn, IFNAMSIZ, "%s",
 				       optarg);
-			if (ret <= 0 || ret >= IFNAMSIZ - 1)
+			if (ret <= 0 || ret >= IFNAMSIZ)
 				die("Invalid interface name: %s", optarg);
 
 			break;
-- 
2.41.0