From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sat, 16 Sep 2023 18:42:43 +0000 (+0200)
Subject: network: refusing parsing negative flow labels
X-Git-Tag: v255-rc1~458^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af14281d2c12a2942552765508e61f8445abb483;p=thirdparty%2Fsystemd.git

network: refusing parsing negative flow labels

The docs for FlowLabel= said that the range is 0..1048575, but the code did not
reject negative numbers.
---

diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c
index a6985753d4b..84da73c711e 100644
--- a/src/network/netdev/tunnel.c
+++ b/src/network/netdev/tunnel.c
@@ -909,7 +909,8 @@ int config_parse_ipv6_flowlabel(
                 void *userdata) {
 
         Tunnel *t = ASSERT_PTR(userdata);
-        int k, r;
+        uint32_t k;
+        int r;
 
         assert(filename);
         assert(rvalue);
@@ -920,21 +921,15 @@ int config_parse_ipv6_flowlabel(
                 return 0;
         }
 
-        r = safe_atoi(rvalue, &k);
-        if (r < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, r,
-                           "Failed to parse tunnel IPv6 flowlabel, ignoring assignment: %s", rvalue);
-                return 0;
-        }
-
-        if (k > 0xFFFFF) {
-                log_syntax(unit, LOG_WARNING, filename, line, 0,
-                           "Invalid tunnel IPv6 flowlabel, ignoring assignment: %s", rvalue);
-                return 0;
-        }
-
+        r = config_parse_uint32_bounded(
+                        unit, filename, line, section, section_line, lvalue, rvalue,
+                        0, 0xFFFFF, true,
+                        &k);
+        if (r <= 0)
+                return r;
         t->ipv6_flowlabel = htobe32(k) & IP6_FLOWINFO_FLOWLABEL;
         t->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
+
         return 0;
 }