ipset: Handle missing leading zeros in ethernet address parser

ipset would not parse ether addresses which are not exactly
17 characters long, for ex. 1:2:3:4:5:6, which is fixed in
the patch.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

diff --git a/lib/parse.c b/lib/parse.c
index 4db872e9f839701acffbba06226375fc8281b176..be6e8336cc6c2b4804f8dec309c988f1ff3f3ac3 100644 (file)
--- a/lib/parse.c
+++ b/lib/parse.c
@@ -180,24 +180,27 @@ int
 ipset_parse_ether(struct ipset_session *session,
                  enum ipset_opt opt, const char *str)
 {
-       unsigned int i = 0;
+       size_t len, p = 0, i = 0;
        unsigned char ether[ETH_ALEN];
 
        assert(session);
        assert(opt == IPSET_OPT_ETHER);
        assert(str);
 
-       if (strlen(str) != ETH_ALEN * 3 - 1)
+       len = strlen(str);
+
+       if (len > ETH_ALEN * 3 - 1)
                goto error;
 
        for (i = 0; i < ETH_ALEN; i++) {
                long number;
                char *end;
 
-               number = strtol(str + i * 3, &end, 16);
+               number = strtol(str + p, &end, 16);
+               p = end - str + 1;
 
-               if (end == str + i * 3 + 2 &&
-                   (*end == ':' || *end == '\0') &&
+               if (((*end == ':' && i < ETH_ALEN - 1) ||
+                    (*end == '\0' && i == ETH_ALEN - 1)) &&
                    number >= 0 && number <= 255)
                        ether[i] = number;
                else

diff --git a/tests/macipmap.t b/tests/macipmap.t
index 53b12fafcd89414e1ca752fe432ed37deef78466..45783d63720971260c41249cc4d578663c5121c2 100644 (file)
--- a/tests/macipmap.t
+++ b/tests/macipmap.t
@@ -44,6 +44,14 @@
 0 diff -u -I 'Size in memory.*' .foo macipmap.t.list0
 # Range: Flush test set
 0 ipset -F test
+# Range: Catch invalid (too long) MAC
+1 ipset -A test 2.0.0.2,00:11:22:33:44:55:66
+# Range: Catch invalid (too short) MAC
+1 ipset -A test 2.0.0.2,00:11:22:33:44
+# Range: Add an element with MAC without leading zeros
+0 ipset -A test 2.0.0.2,0:1:2:3:4:5
+# Range: Check element with MAC without leading zeros
+0 ipset -T test 2.0.0.2,0:1:2:3:4:5
 # Range: Delete test set
 0 ipset -X test
 # Network: Try to create a set from an invalid network