[pve-devel] [PATCH installer 1/6] sys: net: pinning: make interface name checks stricter
Christoph Heiss
c.heiss at proxmox.com
Thu Nov 13 14:49:49 CET 2025
According to our `pve-iface` schema, names must be at least two
characters long and start with a (latin) letter.
Reported-by: Stoiko Ivanov <s.ivanov at proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
Proxmox/Sys/Net.pm | 17 +++++++++++------
proxinstall | 3 +--
test/validate-link-pin-map.pl | 23 +++++++++++++++++++++--
3 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/Proxmox/Sys/Net.pm b/Proxmox/Sys/Net.pm
index 991f723..016a7f8 100644
--- a/Proxmox/Sys/Net.pm
+++ b/Proxmox/Sys/Net.pm
@@ -13,13 +13,16 @@ our @EXPORT_OK = qw(
parse_ip_mask
parse_fqdn
validate_link_pin_map
+ MIN_IFNAME_LEN
MAX_IFNAME_LEN
DEFAULT_PIN_PREFIX
);
-# Maximum length of the (primary) name of a network interface
-# IFNAMSIZ - 1 to account for NUL byte
use constant {
+ # As dictated by the `pve-iface` schema.
+ MIN_IFNAME_LEN => 2,
+ # Maximum length of the (primary) name of a network interface.
+ # IFNAMSIZ - 1 to account for NUL byte
MAX_IFNAME_LEN => 15,
DEFAULT_PIN_PREFIX => 'nic',
};
@@ -338,8 +341,10 @@ sub validate_link_pin_map : prototype($) {
my $reverse_mapping = {};
while (my ($mac, $name) = each %$mapping) {
- if (!defined($name) || $name eq '') {
- die "interface name for '$mac' cannot be empty\n";
+ if (!defined($name) || length($name) < MIN_IFNAME_LEN) {
+ die "interface name for '$mac' must be at least "
+ . MIN_IFNAME_LEN
+ . " characters long\n";
}
if (length($name) > MAX_IFNAME_LEN) {
@@ -353,8 +358,8 @@ sub validate_link_pin_map : prototype($) {
. "name must not be fully numeric\n";
}
- if ($name =~ m/^[0-9]/) {
- die "interface name '$name' for '$mac' is invalid: name must not start with a number\n";
+ if ($name !~ m/^[a-z]/) {
+ die "interface name '$name' for '$mac' is invalid: name must start with a letter\n";
}
if ($name !~ m/^[a-zA-Z_][a-zA-Z0-9_]*$/) {
diff --git a/proxinstall b/proxinstall
index 49dd796..e3ea22e 100755
--- a/proxinstall
+++ b/proxinstall
@@ -37,8 +37,7 @@ use Proxmox::Sys;
use Proxmox::Sys::Block qw(get_cached_disks);
use Proxmox::Sys::Command qw(syscmd);
use Proxmox::Sys::File qw(file_read_all file_write_all);
-use Proxmox::Sys::Net
- qw(parse_ip_address parse_ip_mask validate_link_pin_map MAX_IFNAME_LEN DEFAULT_PIN_PREFIX);
+use Proxmox::Sys::Net qw(parse_ip_address parse_ip_mask validate_link_pin_map DEFAULT_PIN_PREFIX);
use Proxmox::UI;
my $step_number = 0; # Init number for global function list
diff --git a/test/validate-link-pin-map.pl b/test/validate-link-pin-map.pl
index 6386700..37e8387 100755
--- a/test/validate-link-pin-map.pl
+++ b/test/validate-link-pin-map.pl
@@ -8,7 +8,18 @@ use Test::More;
use Proxmox::Sys::Net qw(validate_link_pin_map);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '' }) };
-is($@, "interface name for 'ab:cd:ef:12:34:56' cannot be empty\n");
+is(
+ $@,
+ "interface name for 'ab:cd:ef:12:34:56' must be at least 2 characters long\n",
+ "empty name is rejected",
+);
+
+eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => 'a' }) };
+is(
+ $@,
+ "interface name for 'ab:cd:ef:12:34:56' must be at least 2 characters long\n",
+ "1 character name is rejected",
+);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => 'waytoolonginterfacename' }) };
is(
@@ -30,7 +41,15 @@ is(
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '0nic' }) };
is(
$@,
- "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must not start with a number\n",
+ "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter\n",
+ "name starting with number is rejected",
+);
+
+eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '_a' }) };
+is(
+ $@,
+ "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter\n",
+ "name starting with underscore is rejected",
);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '12345' }) };
--
2.51.0
More information about the pve-devel
mailing list