From: Lennart Poettering Date: Tue, 9 Mar 2021 19:43:02 +0000 (+0100) Subject: socket-util: refuse ifnames with embedded '%' as invalid X-Git-Tag: v248-rc3~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5f8ce13bbaf0d8b9ff597692c67fba0e38b4200;p=thirdparty%2Fsystemd.git socket-util: refuse ifnames with embedded '%' as invalid So Linux has this (insane — in my opinion) "feature" that if you name a network interface "foo%d" then it will automatically look for the interface starting with "foo…" with the lowest number that is not used yet and allocates that. We should never clash with this "magic" handling of ifnames, hence refuse this, since otherwise we never know what the name is we end up with. We should probably switch things from a deny list to an allow list sooner or later and be much stricter. Since the kernel directly enforces only very few rules on the names, we'd need to do some research what is safe and what is not first, though. --- diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c index 8402e79c312..552ec053ffe 100644 --- a/src/basic/socket-util.c +++ b/src/basic/socket-util.c @@ -787,7 +787,10 @@ bool ifname_valid_full(const char *p, IfnameValidFlags flags) { if ((unsigned char) *t <= 32U) return false; - if (IN_SET(*t, ':', '/')) + if (IN_SET(*t, + ':', /* colons are used by the legacy "alias" interface logic */ + '/', /* slashes cannot work, since we need to use network interfaces in sysfs paths, and in paths slashes are separators */ + '%')) /* %d is used in the kernel's weird foo%d format string naming feature which we really really don't want to ever run into by accident */ return false; numeric = numeric && (*t >= '0' && *t <= '9'); diff --git a/src/test/test-socket-netlink.c b/src/test/test-socket-netlink.c index af3ccec166f..da484a40032 100644 --- a/src/test/test-socket-netlink.c +++ b/src/test/test-socket-netlink.c @@ -74,7 +74,7 @@ static void test_socket_address_parse(void) { test_socket_address_parse_one("[::1]:1234%lo", 0, AF_INET6, NULL); test_socket_address_parse_one("[::1]:0%lo", -EINVAL, 0, NULL); test_socket_address_parse_one("[::1]%lo", -EINVAL, 0, NULL); - test_socket_address_parse_one("[::1]:1234%lo%lo", -ENODEV, 0, NULL); + test_socket_address_parse_one("[::1]:1234%lo%lo", -EINVAL, 0, NULL); test_socket_address_parse_one("[::1]:1234%xxxxasdf", -ENODEV, 0, NULL); test_socket_address_parse_one("192.168.1.254:8888", 0, AF_INET, NULL); test_socket_address_parse_one("/foo/bar", 0, AF_UNIX, NULL);