--- /dev/null
+From 217c3a07c7db694324b5c61eaaa07774735e2d7d Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Thu, 9 Oct 2025 20:51:45 +0100
+Subject: [PATCH] Fix error messages about 32-bit integer overflow.
+
+Since commit a5cac25 stoulen() takes a pointer to a string and a
+length of the string and uses the length to report a problem about the
+string. However, by that time it has already modified the length, so
+the error message does not match the input:
+
+$ filtertest RAW '123456789012345'
+filtertest: number 1234 overflows 32 bits
+$ filtertest RAW '12345678901234567890'
+filtertest: number 123456789 overflows 32 bits
+$ filtertest RAW '123456789012345678901234567890'
+filtertest: number 1234567890123456789 overflows 32 bits
+$ filtertest RAW '0123456701234'
+filtertest: number overflows 32 bits
+$ filtertest RAW '0x100000000'
+filtertest: number overflows 32 bits
+
+Consequently, if more than one number in the filter expression is out of
+range, it can be not immediately obvious which one it is:
+
+$ filtertest RAW '4294967296 != 4294967297'
+filtertest: number overflows 32 bits
+
+To fix this, in stoulen() keep a copy of the original string length and
+use it for the error reporting. Ibid., factor the format string out and
+show the base in the message. Simplify the forward declaration. Add
+two comments to outline the clash space between certain MAC-48 addresses
+and certain octal integers. Document this syntax peculiarity in the man
+page and add a few basic reject tests.
+
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/0d8bd2f67c16637c4d25d81fb24cdcebc35afce6]
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ pcap-filter.manmisc.in | 9 ++++++++-
+ scanner.l | 33 ++++++++++++++++++++++++---------
+ 2 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
+index bfb692ff..929d668d 100644
+--- a/pcap-filter.manmisc.in
++++ b/pcap-filter.manmisc.in
+@@ -18,7 +18,7 @@
+ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ .\"
+-.TH PCAP-FILTER @MAN_MISC_INFO@ "13 June 2023"
++.TH PCAP-FILTER @MAN_MISC_INFO@ "9 October 2025"
+ .SH NAME
+ pcap-filter \- packet filter syntax
+ .br
+@@ -886,6 +886,13 @@ integer constants (expressed in standard C syntax), the normal binary operators
+ a length operator, and special packet data
+ accessors. Note that all comparisons are unsigned, so that, for example,
+ 0x80000000 and 0xffffffff are > 0.
++.LP
++Note that 32-bit octal integer constants in the [010000000000 .. 037777777777]
++interval, which includes 75% of all 32-bit integers, are interpreted as MAC-48
++addresses when prepended with a single zero (e.g., 012345670123 means
++01:23:45:67:01:23). To disambiguate the expression, prepend such an octal
++number with more zeroes (0012345670123) or represent the same value using a
++decimal (1402433619) or hexadecimal (0x53977053) number.
+ .IP
+ The
+ .B %
+diff --git a/scanner.l b/scanner.l
+index 57779497..49aaeab2 100644
+--- a/scanner.l
++++ b/scanner.l
+@@ -48,8 +48,8 @@ typedef enum {
+ STOULEN_ERROR
+ } stoulen_ret;
+
+-stoulen_ret stoulen(const char *string, size_t stringlen, bpf_u_int32 *val,
+- compiler_state_t *cstate);
++stoulen_ret stoulen(const char *, const size_t, bpf_u_int32 *,
++ compiler_state_t *);
+ }
+
+ /*
+@@ -244,6 +244,12 @@ V6004 ::{N}\.{N}\.{N}\.{N}
+
+ V6 ({V680}|{V670}|{V671}|{V672}|{V673}|{V674}|{V675}|{V676}|{V677}|{V660}|{V661}|{V662}|{V663}|{V664}|{V665}|{V666}|{V650}|{V651}|{V652}|{V653}|{V654}|{V655}|{V640}|{V641}|{V642}|{V643}|{V644}|{V630}|{V631}|{V632}|{V633}|{V620}|{V621}|{V622}|{V610}|{V611}|{V600}|{V6604}|{V6504}|{V6514}|{V6524}|{V6534}|{V6544}|{V6554}|{V6404}|{V6414}|{V6424}|{V6434}|{V6444}|{V6304}|{V6314}|{V6324}|{V6334}|{V6204}|{V6214}|{V6224}|{V6104}|{V6114}|{V6004})
+
++ /*
++ * In the regexp below the "{B2}{3}" form matches all octal numbers in
++ * the [010000000000 .. 077777777777] interval that use a single leading
++ * zero. The interval includes both integer values that fit into 32
++ * bits and values that don't.
++ */
+ MAC ({B}:{B}:{B}:{B}:{B}:{B}|{B}\-{B}\-{B}\-{B}\-{B}\-{B}|{B}\.{B}\.{B}\.{B}\.{B}\.{B}|{B2}\.{B2}\.{B2}|{B2}{3})
+
+
+@@ -486,13 +492,16 @@ tcp-cwr { yylval->h = 0x80; return NUM; }
+ */
+ DIAG_ON_FLEX
+
++#define FORMAT_OVERFLOWS_32_BITS "%s number %.*s overflows 32 bits"
++
+ stoulen_ret
+-stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
++stoulen(const char *string, const size_t orig_string_len, bpf_u_int32 *val,
+ compiler_state_t *cstate)
+ {
+ bpf_u_int32 n = 0;
+ unsigned int digit;
+ const char *s = string;
++ size_t string_len = orig_string_len;
+
+ /*
+ * string is guaranteed either to be a string of decimal digits
+@@ -538,8 +547,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * in 32 bits.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "hexadecimal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n << 4) + digit;
+@@ -573,10 +582,16 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * number, and are about to add
+ * 3 more; that won't fit in
+ * 32 bits.
++ *
++ * This code path depends on using more
++ * than one leading zero for all values
++ * in the [040000000000 .. 077777777777]
++ * interval, otherwise the MAC regexp
++ * above consumes the string first.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "octal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n << 3) + digit;
+@@ -609,8 +624,8 @@ stoulen(const char *string, size_t string_len, bpf_u_int32 *val,
+ * number that won't fit in 32 bits.
+ */
+ bpf_set_error(cstate,
+- "number %.*s overflows 32 bits",
+- (int)string_len, string);
++ FORMAT_OVERFLOWS_32_BITS,
++ "decimal", (int)orig_string_len, string);
+ return STOULEN_ERROR;
+ }
+ n = (n * 10) + digit;
+--
+2.34.1
+
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
