From mboxrd@z Thu Jan  1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000)
	id 3AED65A061A; Sun, 03 May 2026 23:56:01 +0200 (CEST)
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH v6 06/18] pif: Limit pif names to 128 bytes
Date: Sun,  3 May 2026 23:55:49 +0200
Message-ID: <20260503215601.823029-7-sbrivio@redhat.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260503215601.823029-1-sbrivio@redhat.com>
References: <20260503215601.823029-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: WUJ2EJNX6UISJZ3FMNWLFTMHPU2UWGT2
X-Message-ID-Hash: WUJ2EJNX6UISJZ3FMNWLFTMHPU2UWGT2
X-MailFrom: sbrivio@passt.top
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jon Maloy <jmaloy@redhat.com>, David Gibson <david@gibson.dropbear.id.au>, Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260503215601.823029-7-sbrivio@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/WUJ2EJNX6UISJZ3FMNWLFTMHPU2UWGT2/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

From: David Gibson <david@gibson.dropbear.id.au>

All current pif names are quite short, and we expect them to remain short
when/if we allow arbitrary pifs.  However, because of the structure of
the current code we don't enforce any limit on the length.

This will become more important with dynamic configuration updates, so
start enforcing a length limit.  Specifically we allow pif names to be up
to 128 bytes (PIF_NAME_SIZE), including the terminating \0.  This is
more or less arbitrary, but seems like it should be comfortably enough for
all the cases we have in mind.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 pif.c | 2 +-
 pif.h | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/pif.c b/pif.c
index 1e80724..d5e3161 100644
--- a/pif.c
+++ b/pif.c
@@ -17,7 +17,7 @@
 #include "inany.h"
 #include "epoll_ctl.h"
 
-const char *pif_type_str[] = {
+const char pif_type_str[][PIF_NAME_SIZE] = {
 	[PIF_NONE]		= "<none>",
 	[PIF_HOST]		= "HOST",
 	[PIF_TAP]		= "TAP",
diff --git a/pif.h b/pif.h
index 7bb58e5..90dd3a3 100644
--- a/pif.h
+++ b/pif.h
@@ -35,7 +35,9 @@ enum pif_type {
 	PIF_NUM_TYPES,
 };
 
-extern const char *pif_type_str[];
+/* Maxmimum size of a pif name, including \0 */
+#define	PIF_NAME_SIZE	(128)
+extern const char pif_type_str[][PIF_NAME_SIZE];
 
 static inline const char *pif_type(enum pif_type pt)
 {
@@ -43,6 +45,7 @@ static inline const char *pif_type(enum pif_type pt)
 		return pif_type_str[pt];
 	else
 		return "?";
+	static_assert(sizeof("?") <= PIF_NAME_SIZE);
 }
 
 static inline const char *pif_name(uint8_t pif)
-- 
2.43.0