nspawn: check validity of the internal interface name only explicitly specified

yuwata · keszybz · commit a3d7809fd259 · 2023-09-06T16:38:02.000+02:00
Follow-up for 2f091b1. Fixes #28844. (cherry picked from commit 927e20f)
diff --git a/src/nspawn/nspawn-network.c b/src/nspawn/nspawn-network.c
@@ -774,20 +774,22 @@ static int network_iface_pair_parse(const char* iftype, char ***l, const char *p
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                "%s, interface name not valid: %s", iftype, a);
 
-                if (isempty(interface)) {
-                        if (ifprefix)
-                                b = strjoin(ifprefix, a);
-                        else
-                                b = strdup(a);
-                } else
+                /* Here, we only check the validity of the specified second name. If it is not specified,
+                 * the copied or prefixed name should be already valid, except for its length. If it is too
+                 * long, then it will be shortened later. */
+                if (!isempty(interface)) {
+                        if (!ifname_valid(interface))
+                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                                       "%s, interface name not valid: %s", iftype, interface);
+
                         b = strdup(interface);
+                } else if (ifprefix)
+                        b = strjoin(ifprefix, a);
+                else
+                        b = strdup(a);
                 if (!b)
                         return log_oom();
 
-                if (!ifname_valid(b))
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                               "%s, interface name not valid: %s", iftype, b);
-
                 r = strv_consume_pair(l, TAKE_PTR(a), TAKE_PTR(b));
                 if (r < 0)
                         return log_oom();
diff --git a/test/units/testsuite-13.nspawn.sh b/test/units/testsuite-13.nspawn.sh
@@ -341,7 +341,7 @@ testcase_nspawn_settings() {
     rm -f "/etc/systemd/nspawn/$container.nspawn"
     mkdir -p "$root/tmp" "$root"/opt/{tmp,inaccessible,also-inaccessible}
 
-    for dev in sd-host-only sd-shared{1,2} sd-macvlan{1,2} sd-ipvlan{1,2}; do
+    for dev in sd-host-only sd-shared{1,2} sd-macvlan{1,2} sd-macvlanloong sd-ipvlan{1,2} sd-ipvlanlooong; do
         ip link add "$dev" type dummy
     done
     udevadm settle
@@ -395,8 +395,8 @@ VirtualEthernet=yes
 VirtualEthernetExtra=my-fancy-veth1
 VirtualEthernetExtra=fancy-veth2:my-fancy-veth2
 Interface=sd-shared1 sd-shared2:sd-shared2
-MACVLAN=sd-macvlan1 sd-macvlan2:my-macvlan2
-IPVLAN=sd-ipvlan1 sd-ipvlan2:my-ipvlan2
+MACVLAN=sd-macvlan1 sd-macvlan2:my-macvlan2 sd-macvlanloong
+IPVLAN=sd-ipvlan1 sd-ipvlan2:my-ipvlan2 sd-ipvlanlooong
 Zone=sd-zone0
 Port=80
 Port=81:8181
