ipproto_name() returns a static string of theoretically unbounded length.
That's going to be inconvenient in future, so introduce IPPROTO_STRLEN
giving an explicit bound on the length. Use static_assert() and some
macros to ensure nothing we return can exceed this.
Signed-off-by: David Gibson
---
ip.c | 18 ++++++++++++------
ip.h | 1 +
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/ip.c b/ip.c
index 4e4e0bf5..f2506bb1 100644
--- a/ip.c
+++ b/ip.c
@@ -15,6 +15,7 @@
* Author: Stefano Brivio
*/
+#include
#include
#include
@@ -24,7 +25,7 @@
* ipproto_name() - Get IP protocol name from number
* @proto: IP protocol number
*
- * Return: pointer to name of protocol @proto
+ * Return: pointer to name of protocol @proto (<= IPPROTO_STRLEN bytes)
*
* Usually this would be done with getprotobynumber(3) but that reads
* /etc/protocols and might allocate, which isn't possible for us once
@@ -33,16 +34,21 @@
const char *ipproto_name(uint8_t proto)
{
switch (proto) {
+#define CASE(s) \
+ static_assert(sizeof(s) <= IPPROTO_STRLEN, \
+ "Increase IPPROTO_STRLEN to contain " #s); \
+ return s;
case IPPROTO_ICMP:
- return "ICMP";
+ CASE("ICMP");
case IPPROTO_TCP:
- return "TCP";
+ CASE("TCP");
case IPPROTO_UDP:
- return "UDP";
+ CASE("UDP");
case IPPROTO_ICMPV6:
- return "ICMPv6";
+ CASE("ICMPv6");
default:
- return "<unknown protocol>";
+ CASE("<unknown protocol>");
+#undef CASE
}
}
diff --git a/ip.h b/ip.h
index f6c29e00..aab9b86a 100644
--- a/ip.h
+++ b/ip.h
@@ -117,6 +117,7 @@ static inline uint32_t ip6_get_flow_lbl(const struct ipv6hdr *ip6h)
ip6h->flow_lbl[2];
}
+#define IPPROTO_STRLEN (sizeof("<unknown protocol>"))
const char *ipproto_name(uint8_t proto);
/* IPv6 link-local all-nodes multicast address, ff02::1 */
--
2.53.0