socket-util: refuse ifnames with embedded '%' as invalid

So Linux has this (insane — in my opinion) "feature" that if you name a
network interface "foo%d" then it will automatically look for the
interface starting with "foo…" with the lowest number that is not used
yet and allocates that.

We should never clash with this "magic" handling of ifnames, hence
refuse this, since otherwise we never know what the name is we end up
with.

We should probably switch things from a deny list to an allow list
sooner or later and be much stricter. Since the kernel directly enforces
only very few rules on the names, we'd need to do some research what is
safe and what is not first, though.

(cherry picked from commit e5f8ce13bbaf0d8b9ff597692c67fba0e38b4200)

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 48d0718d5d39199bbd45a5cb39a5834c9773dfae..b5c9a6369aa23d3692bff6166c35f6d8239e6694 100644 (file)
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -723,7 +723,10 @@ bool ifname_valid_full(const char *p, IfnameValidFlags flags) {
                 if ((unsigned char) *t <= 32U)
                         return false;
 
-                if (IN_SET(*t, ':', '/'))
+                if (IN_SET(*t,
+                           ':',  /* colons are used by the legacy "alias" interface logic */
+                           '/',  /* slashes cannot work, since we need to use network interfaces in sysfs paths, and in paths slashes are separators */
+                           '%')) /* %d is used in the kernel's weird foo%d format string naming feature which we really really don't want to ever run into by accident */
                         return false;
 
                 numeric = numeric && (*t >= '0' && *t <= '9');

diff --git a/src/test/test-socket-netlink.c b/src/test/test-socket-netlink.c
index 704cc01e6f39e0b864ef8520bfcd320af5dc9f7c..d4cc6d7ec9faa96b5dc3cedfcc92e1486b0c09eb 100644 (file)
--- a/src/test/test-socket-netlink.c
+++ b/src/test/test-socket-netlink.c
@@ -72,7 +72,7 @@ static void test_socket_address_parse(void) {
         test_socket_address_parse_one("[::1]:1234%lo", 0, AF_INET6, NULL);
         test_socket_address_parse_one("[::1]:0%lo", -EINVAL, 0, NULL);
         test_socket_address_parse_one("[::1]%lo", -EINVAL, 0, NULL);
-        test_socket_address_parse_one("[::1]:1234%lo%lo", -ENODEV, 0, NULL);
+        test_socket_address_parse_one("[::1]:1234%lo%lo", -EINVAL, 0, NULL);
         test_socket_address_parse_one("[::1]:1234%xxxxasdf", -ENODEV, 0, NULL);
         test_socket_address_parse_one("192.168.1.254:8888", 0, AF_INET, NULL);
         test_socket_address_parse_one("/foo/bar", 0, AF_UNIX, NULL);