network: fix static assertion on IPPROTO_MAX range

Builds with recent glibc would fail with:
../src/network/netdev/fou-tunnel.c: In function ‘config_parse_ip_protocol’:
../src/basic/macro.h:380:9: error: static assertion failed: "IPPROTO_MAX-1 <= UINT8_MAX"
  380 |         static_assert(expr, #expr)
      |         ^~~~~~~~~~~~~
../src/network/netdev/fou-tunnel.c:161:9: note: in expansion of macro ‘assert_cc’
  161 |         assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
      |         ^~~~~~~~~

This is because f9ac84f92f151e07586c55e14ed628d493a5929d (present in
glibc-2.31.9000-9.fc33.x86_64) added IPPROTO_MPTCP=262, following
v5.5-rc5-1002-gfaf391c382 in the kernel.

diff --git a/src/network/netdev/fou-tunnel.c b/src/network/netdev/fou-tunnel.c
index 3cc273c7fedafccbfe915a52452a74de8683ceff..40abacd6f75e9ea94d8ef94c229c94672be1934a 100644 (file)
--- a/src/network/netdev/fou-tunnel.c
+++ b/src/network/netdev/fou-tunnel.c
@@ -149,7 +149,10 @@ int config_parse_ip_protocol(
                 void *data,
                 void *userdata) {
 
-        uint8_t *protocol = data;
+        uint8_t *ret = data;
+        unsigned protocol;
+        /* linux/fou.h defines the netlink field as one byte, so we need to reject protocols numbers that
+         * don't fit in one byte. */
         int r;
 
         assert(filename);
@@ -158,11 +161,11 @@ int config_parse_ip_protocol(
         assert(rvalue);
         assert(data);
 
-        assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
-
         r = parse_ip_protocol(rvalue);
-        if (r < 0) {
-                r = safe_atou8(rvalue, protocol);
+        if (r >= 0)
+                protocol = r;
+        else {
+                r = safe_atou(rvalue, &protocol);
                 if (r < 0)
                         log_syntax(unit, LOG_ERR, filename, line, r,
                                    "Failed to parse IP protocol '%s' for Foo over UDP tunnel, "
@@ -170,7 +173,14 @@ int config_parse_ip_protocol(
                 return 0;
         }
 
-        *protocol = r;
+        if (protocol > UINT8_MAX) {
+                log_syntax(unit, LOG_ERR, filename, line, 0,
+                           "IP protocol '%s' for FooOverUDP tunnel out of range, "
+                           "ignoring assignment: %m", rvalue);
+                return 0;
+        }
+
+        *ret = protocol;
         return 0;
 }