From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id B2BE25A0052
	for <passt-dev@passt.top>; Thu, 06 Jun 2024 12:10:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1717668601;
	bh=uQvk4LzUqj/b+BvLhK9e9Wn9DjhHOSX/AvjImIPvM7s=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=JIHNuzSYK8BoLdP/sc8IqjOhjfsydzQEeGLQAIbLGReS2qxdvrNjpZxTDDSMjz/5A
	 luUBdCkIxIFlH4KwbjjqcmzLkA38Pp9bHPBaGvJ5/ohDbkbsI0aKfnfqDyqxobt98h
	 HA758QBhOrTcT16yBvHJcDzzAYw2Ynq7X5Qij8it7p43yEWQw/TwuqL4zNwzYPmGN5
	 EKCQk0ci/rrbMD096qI11I8kFqUn9q14+iBUZ9y9jlsJFY79A1jHd5tlxXZAf/+r7G
	 QXcAfja0cO13ovA/uwAq4T7EayLFrCehvflSooC244z1I1oZsCpztTP15Gvuq+aZ0E
	 DjwDW9flt09ZQ==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Vw0ST4ghbz4x2L; Thu,  6 Jun 2024 20:10:01 +1000 (AEST)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH 7/9] conf: Safer parsing of MAC addresses
Date: Thu,  6 Jun 2024 20:09:47 +1000
Message-ID: <20240606100949.1250958-8-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240606100949.1250958-1-david@gibson.dropbear.id.au>
References: <20240606100949.1250958-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 5VLUFHJO6TG4NNPUGRJ2XJBFOAOSXJJX
X-Message-ID-Hash: 5VLUFHJO6TG4NNPUGRJ2XJBFOAOSXJJX
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240606100949.1250958-8-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/5VLUFHJO6TG4NNPUGRJ2XJBFOAOSXJJX/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

In conf() we parse a MAC address in two places, for the --ns-mac-addr and
the -M options.  As well as duplicating code, the logic for this parsing
has several bugs:
  * The most serious is that if the given string is shorter than a MAC
    address should be, we'll access past the end of it.
  * We don't check the endptr supplied by strtol() which means we could
    ignore certain erroneous contents
  * We never check the separator characters between each octet
  * We ignore certain sorts of garbage that follow the MAC address

Correct all these bugs in a new parse_mac() helper.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 conf.c | 53 ++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 36 insertions(+), 17 deletions(-)

diff --git a/conf.c b/conf.c
index 72ca1fc8..fdeb9db7 100644
--- a/conf.c
+++ b/conf.c
@@ -1124,6 +1124,39 @@ static void conf_open_files(struct ctx *c)
 	c->pidfile_fd = pidfile_open(c->pidfile);
 }
 
+/**
+ * parse_mac - Parse a MAC address from a string
+ * @mac:	Binary MAC address, initialised on success
+ * @str:	String to parse
+ *
+ * Parses @str as an Ethernet MAC address stored in @mac on success.  Exits on
+ * failure.
+ */
+static void parse_mac(unsigned char mac[ETH_ALEN], const char *str)
+{
+	size_t i;
+
+	if (strlen(str) != (ETH_ALEN * 3 - 1))
+		goto fail;
+
+	for (i = 0; i < ETH_ALEN; i++) {
+		const char *octet = str + 3 * i;
+		unsigned long b;
+		char *end;
+
+		errno = 0;
+		b = strtoul(octet, &end, 16);
+		if (b > UCHAR_MAX || errno || end != octet + 2 ||
+		    *end != ((i == ETH_ALEN - 1) ? '\0' : ':'))
+			goto fail;
+		mac[i] = b;
+	}
+	return;
+
+fail:
+	die("Invalid MAC address: %s", str);
+}
+
 /**
  * conf() - Process command-line arguments and set configuration
  * @c:		Execution context
@@ -1200,9 +1233,9 @@ void conf(struct ctx *c, int argc, char **argv)
 	unsigned int ifi4 = 0, ifi6 = 0;
 	const char *logfile = NULL;
 	const char *optstring;
-	int name, ret, b, i;
 	size_t logsize = 0;
 	char *runas = NULL;
+	int name, ret;
 	uid_t uid;
 	gid_t gid;
 
@@ -1243,14 +1276,7 @@ void conf(struct ctx *c, int argc, char **argv)
 			if (c->mode != MODE_PASTA)
 				die("--ns-mac-addr is for pasta mode only");
 
-			for (i = 0; i < ETH_ALEN; i++) {
-				errno = 0;
-				b = strtol(optarg + (intptr_t)i * 3, NULL, 16);
-				if (b < 0 || b > UCHAR_MAX || errno)
-					die("Invalid MAC address: %s", optarg);
-
-				c->mac_guest[i] = b;
-			}
+			parse_mac(c->mac_guest, optarg);
 			break;
 		case 5:
 			if (c->mode != MODE_PASTA)
@@ -1510,14 +1536,7 @@ void conf(struct ctx *c, int argc, char **argv)
 
 			break;
 		case 'M':
-			for (i = 0; i < ETH_ALEN; i++) {
-				errno = 0;
-				b = strtol(optarg + (intptr_t)i * 3, NULL, 16);
-				if (b < 0 || b > UCHAR_MAX || errno)
-					die("Invalid MAC address: %s", optarg);
-
-				c->mac[i] = b;
-			}
+			parse_mac(c->mac, optarg);
 			break;
 		case 'g':
 			if (c->mode == MODE_PASTA)
-- 
2.45.2