From cad73425d8813508432005e032e7f36a1db30ecd Mon Sep 17 00:00:00 2001 From: Patrick Talbert Date: Thu, 14 Jun 2018 15:46:57 +0200 Subject: [PATCH] ipaddress: strengthen check on 'label' input As mentioned in the ip-address man page, an address label must be equal to the device name or prefixed by the device name followed by a colon. Currently the only check on this input is to see if the device name appears at the beginning of the label string. This commit adds an additional check to ensure label == dev or continues with a colon. Signed-off-by: Patrick Talbert Suggested-by: Stephen Hemminger Signed-off-by: Stephen Hemminger --- ip/ipaddress.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ip/ipaddress.c b/ip/ipaddress.c index bbd35e797..5009bfe6d 100644 --- a/ip/ipaddress.c +++ b/ip/ipaddress.c @@ -2065,6 +2065,16 @@ static bool ipaddr_is_multicast(inet_prefix *a) return false; } +static bool is_valid_label(const char *dev, const char *label) +{ + size_t len = strlen(dev); + + if (strncmp(label, dev, len) != 0) + return false; + + return label[len] == '\0' || label[len] == ':'; +} + static int ipaddr_modify(int cmd, int flags, int argc, char **argv) { struct { @@ -2208,8 +2218,10 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv) fprintf(stderr, "Not enough information: \"dev\" argument is required.\n"); return -1; } - if (l && matches(d, l) != 0) { - fprintf(stderr, "\"dev\" (%s) must match \"label\" (%s).\n", d, l); + if (l && !is_valid_label(d, l)) { + fprintf(stderr, + "\"label\" (%s) must match \"dev\" (%s) or be prefixed by \"dev\" with a colon.\n", + l, d); return -1; } -- 2.47.2