build: strengthen check for overlong lladdr components

ethermac[i] > UINT8_MAX is quite pointless, because ethermac[i] is
just uint8_t. To catch values that are not in the range "00"-"ff", use
a string length check (end-arg>2). I am willingly using 2 there,
because no one is going to specify an Ethernet LL address as
"0x00:0x24:0xbe:0xc2:0x7f:0x16" -- because it is always interpreted as
hexadecimal anyway even without the 0x prefix.

xtoptions.c: In function "xtopt_parse_ethermac":
xtoptions.c:760:3: warning: comparison is always false due to limited range of data type
xtoptions.c:766:2: warning: comparison is always false due to limited range of data type

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/iptables/xtoptions.c b/iptables/xtoptions.c
index 1423724b94a347fd484e1d5fa20408a88f3b3dae..7095e3ea5d2379ee66ed4912a455d213e330dd8d 100644 (file)
--- a/iptables/xtoptions.c
+++ b/iptables/xtoptions.c
@@ -757,13 +757,13 @@ static void xtopt_parse_ethermac(struct xt_option_call *cb)
 
        for (i = 0; i < ARRAY_SIZE(cb->val.ethermac) - 1; ++i) {
                cb->val.ethermac[i] = strtoul(arg, &end, 16);
-               if (cb->val.ethermac[i] > UINT8_MAX || *end != ':')
+               if (*end != ':' || end - arg > 2)
                        goto out;
                arg = end + 1;
        }
        i = ARRAY_SIZE(cb->val.ethermac) - 1;
        cb->val.ethermac[i] = strtoul(arg, &end, 16);
-       if (cb->val.ethermac[i] > UINT8_MAX || *end != '\0')
+       if (*end != '\0' || end - arg > 2)
                goto out;
        if (cb->entry->flags & XTOPT_PUT)
                memcpy(XTOPT_MKPTR(cb), cb->val.ethermac,