From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=DFrTniAR;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id C391D5A061F
	for <passt-dev@passt.top>; Wed, 19 Feb 2025 04:14:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1739934871;
	bh=qYz/ZgL5nBkE+Rt00RaNBxWcJkI9Z4o9F+MjWaAJkUI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=DFrTniARYlv7joeoOsO29xFTdhGVrEpFvVwYXscR0q/tYn3RPWJtBQTjJ7wL+HoPB
	 QaeYl/lX3UX9sslx5IfYQ4MVNYclDZVGbqJV02lgdJ8nXgfgBdVZhu5e7fmwAScx8x
	 gJKUiuc4e0fdT2ijCdf7+pMmP3e7ivORv1oPCOwlqfVHSOgKw3WFqtnXw6ALKgbzFK
	 OiiGnCXtcvivE172k5RfxMw+Jfe3cATy2/qkdl8RGcOjJPCCmQiWFr/HCjmtuXTO7D
	 WYUTMIG+VzSVWCq3tXdSkDVf0ASX82QDD6o2LbR3xemB1/N92faQmGbRptN/R9PWyC
	 VknSRWKSame6Q==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4YyM1z26Y2z4wyk; Wed, 19 Feb 2025 14:14:31 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>,
	passt-dev@passt.top
Subject: [PATCH 1/3] conf: More thorough error checking when parsing --mtu option
Date: Wed, 19 Feb 2025 14:14:27 +1100
Message-ID: <20250219031429.3708026-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <20250219031429.3708026-1-david@gibson.dropbear.id.au>
References: <20250219031429.3708026-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: XLOWSDVUGY2MJJCV5NORSVNT2Y4F4S6W
X-Message-ID-Hash: XLOWSDVUGY2MJJCV5NORSVNT2Y4F4S6W
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20250219031429.3708026-2-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/XLOWSDVUGY2MJJCV5NORSVNT2Y4F4S6W/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

We're a bit sloppy with parsing MTU which can lead to some surprising,
though fairly harmless, results:
  * Passing a non-number like '-m xyz' will not give an error and act like
    -m 0
  * Junk after a number (e.g. '-m 1500pqr') will be ignored rather than
    giving an error
  * We parse the MTU as a long, then immediately assign to an int, so on
    some platforms certain ludicrously out of bounds values will be
    silently truncated, rather than giving an error

Be a bit more thorough with the error checking to avoid that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 conf.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/conf.c b/conf.c
index 18017f51..335f37c9 100644
--- a/conf.c
+++ b/conf.c
@@ -1652,20 +1652,29 @@ void conf(struct ctx *c, int argc, char **argv)
 				die("Invalid PID file: %s", optarg);
 
 			break;
-		case 'm':
+		case 'm': {
+			unsigned long mtu;
+			char *e;
+
 			errno = 0;
-			c->mtu = strtol(optarg, NULL, 0);
+			mtu = strtoul(optarg, &e, 0);
+
+			if (errno || *e)
+				die("Invalid MTU: %s", optarg);
 
-			if (!c->mtu) {
+			if (!mtu) {
 				c->mtu = -1;
 				break;
 			}
 
-			if (c->mtu < ETH_MIN_MTU || c->mtu > (int)ETH_MAX_MTU ||
-			    errno)
-				die("Invalid MTU: %s", optarg);
+			if (mtu < ETH_MIN_MTU || mtu > ETH_MAX_MTU) {
+				die("MTU %lu out of range (%u..%u)", mtu,
+				    ETH_MIN_MTU, ETH_MAX_MTU);
+			}
 
+			c->mtu = mtu;
 			break;
+		}
 		case 'a':
 			if (inet_pton(AF_INET6, optarg, &c->ip6.addr)	&&
 			    !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr)	&&
-- 
2.48.1