IFNAMSIZ is 16, and the allowed byte length of the name is one less than
that. Fix the length check and adjust a test for covering the longest
allowed interface name.
This is obviously a change in behavior, because previously interface
names with length 16 were accepted and were silently truncated along the
way. Now they are rejected as invalid.
Fixes: fa52bc225806 ("parser: reject zero-length interface names")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
#include <stdio.h>
#include <inttypes.h>
#include <syslog.h>
+#include <net/if.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/if_ether.h>
return NULL;
}
- if (length > 16) {
+ if (length >= IFNAMSIZ) {
xfree(name);
erec_queue(error(location, "interface name too long"), queue);
return NULL;
rc=0
$NFT -f - <<< $EXPECTED || rc=$?
-test "$rc" = 0
+test "$rc" = 1
cat <<EOF | $DIFF -u <($NFT list ruleset) -
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device "lo" priority -500; policy accept;
}
}
-table netdev filter2 {
- chain Main_Ingress2 {
- type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept;
- }
-}
EOF
projects / thirdparty / nftables.git / commitdiff
