git.ipfire.org Git - thirdparty/nftables.git/commit
json: reject too long interface names
author Florian Westphal <fw@strlen.de>
Tue, 24 Jun 2025 21:46:59 +0000 (23:46 +0200)
committer Florian Westphal <fw@strlen.de>
Wed, 25 Jun 2025 22:09:53 +0000 (00:09 +0200)
commit bed99830c4c63eae205c28a7ff914737bedb199d
tree 0203324ffbae2505349731235ca55f4058d9be3b
parent d477eada4f271f5f8774b5f467d937b1439cb46b
Blamed commit added a length check on ifnames to the bison parser.
Unfortunately that wasn't enough, json parser has the same issue.

Bogon results in:
BUG: Interface length 44 exceeds limit
nft: src/mnl.c:742: nft_dev_add: Assertion `0' failed.

After patch, included bogon results in:
Error: Invalid device at index 0. name d2345678999999999999999999999999999999012345 too long

I intentionally did not extend evaluate.c to catch this, past sentiment
was that frontends should not send garbage.

I'll send a followup patch to also catch this from eval stage in case there
are further reports for frontends passing in such long names.

Fixes: fa52bc225806 ("parser: reject zero-length interface names")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_json.c
tests/shell/testcases/bogons/nft-j-f/dev_name_parser_overflow_crash [new file with mode: 0644]
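
The kind of check the commit message describes, as an added example that is not nftables code: every device name from an untrusted frontend is length-checked and rejected with an error before it can reach a fixed-size buffer or an assertion. IFNAME_MAX (assumed equal to Linux IFNAMSIZ, 16), the function names and the empty-name wording are assumptions; the long name is the one quoted in the commit message.

```c
#include <stdio.h>
#include <string.h>

#define IFNAME_MAX 16	/* assumption: same value as Linux IFNAMSIZ, NUL included */

enum ifname_status { IFNAME_OK = 0, IFNAME_EMPTY, IFNAME_TOO_LONG };

/* Check one name taken from untrusted input, e.g. a JSON string value. */
static enum ifname_status ifname_check(const char *name)
{
	size_t len = 0;

	/* Bounded scan: never walk further than the limit itself. */
	while (len < IFNAME_MAX && name[len] != '\0')
		len++;
	if (len == 0)
		return IFNAME_EMPTY;
	if (len >= IFNAME_MAX)	/* no room left for the terminating NUL */
		return IFNAME_TOO_LONG;
	return IFNAME_OK;
}

/*
 * Validate a whole device list up front. Returns -1 when every name is
 * acceptable, otherwise the index of the first bad name with a message in err.
 */
static int devs_validate(const char *const *names, size_t n, char *err, size_t errlen)
{
	for (size_t i = 0; i < n; i++) {
		switch (ifname_check(names[i])) {
		case IFNAME_OK:
			continue;
		case IFNAME_EMPTY:
			snprintf(err, errlen, "Invalid device at index %zu. name is empty", i);
			return (int)i;
		case IFNAME_TOO_LONG:
			snprintf(err, errlen, "Invalid device at index %zu. name %s too long", i, names[i]);
			return (int)i;
		}
	}
	return -1;
}

int main(void)
{
	const char *devs[] = { "d2345678999999999999999999999999999999012345" };
	char err[128] = "";

	if (devs_validate(devs, 1, err, sizeof(err)) >= 0)
		fprintf(stderr, "Error: %s\n", err);
	return 0;
}
```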