IFNAMSIZ is 16, and the allowed byte length of the name is one less than
that. Fix the length check and adjust a test for covering the longest
allowed interface name.
This is obviously a change in behavior, because previously interface
names with length 16 were accepted and were silently truncated along the
way. Now they are rejected as invalid.
Fixes: fa52bc225806 ('parser: reject zero-length interface names')
Signed-off-by: Thomas Haller <thaller@xxxxxxxxxx>
---
src/parser_bison.y | 3 ++-
tests/shell/testcases/chains/0042chain_variable_0 | 7 +------
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index f0652ba651c6..9bfc3cdb2d12 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -16,6 +16,7 @@
#include <stdio.h>
#include <inttypes.h>
#include <syslog.h>
+#include <net/if.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/if_ether.h>
@@ -158,7 +159,7 @@ static struct expr *ifname_expr_alloc(const struct location *location,
return NULL;
}
- if (length > 16) {
+ if (length >= IFNAMSIZ) {
xfree(name);
erec_queue(error(location, "interface name too long"), queue);
return NULL;
diff --git a/tests/shell/testcases/chains/0042chain_variable_0 b/tests/shell/testcases/chains/0042chain_variable_0
index 739dc05a1777..a4b929f7344c 100755
--- a/tests/shell/testcases/chains/0042chain_variable_0
+++ b/tests/shell/testcases/chains/0042chain_variable_0
@@ -26,18 +26,13 @@ table netdev filter2 {
rc=0
$NFT -f - <<< $EXPECTED || rc=$?
-test "$rc" = 0
+test "$rc" = 1
cat <<EOF | $DIFF -u <($NFT list ruleset) -
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device "lo" priority -500; policy accept;
}
}
-table netdev filter2 {
- chain Main_Ingress2 {
- type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept;
- }
-}
EOF
--
2.41.0
