socket-util: refuse ifnames with embedded '%' as invalid

So Linux has this (insane — in my opinion) "feature" that if you name a network interface "foo%d" then it will automatically look for the interface starting with "foo…" with the lowest number that is not used yet and allocates that. We should never clash with this "magic" handling of ifnames, hence refuse this, since otherwise we never know what the name is we end up with. We should probably switch things from a deny list to an allow list sooner or later and be much stricter. Since the kernel directly enforces only very few rules on the names, we'd need to do some research what is safe and what is not first, though.
update TODO
2025-10-04 19:24:44 +02:00 · 2021-03-10 11:11:52 +09:00 · 2021-03-09 23:20:53 +01:00
3 changed files with 8 additions and 2 deletions
--- a/3
+++ b/3
@ -22,6 +22,9 @@ Janitorial Clean-ups:

 Features:

+* systemd-sysusers: pick up passwords from credentials logic, so that users can
+  easily set root user pw
+
 * whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
  reception limit the kernel silently enforces.

--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@ -787,7 +787,10 @@ bool ifname_valid_full(const char *p, IfnameValidFlags flags) {
                if ((unsigned char) *t <= 32U)
                        return false;

-                if (IN_SET(*t, ':', '/'))
+                if (IN_SET(*t,
+                           ':',  /* colons are used by the legacy "alias" interface logic */
+                           '/',  /* slashes cannot work, since we need to use network interfaces in sysfs paths, and in paths slashes are separators */
+                           '%')) /* %d is used in the kernel's weird foo%d format string naming feature which we really really don't want to ever run into by accident */
                        return false;

                numeric = numeric && (*t >= '0' && *t <= '9');
--- a/src/test/test-socket-netlink.c
+++ b/src/test/test-socket-netlink.c
@ -74,7 +74,7 @@ static void test_socket_address_parse(void) {
        test_socket_address_parse_one("[::1]:1234%lo", 0, AF_INET6, NULL);
        test_socket_address_parse_one("[::1]:0%lo", -EINVAL, 0, NULL);
        test_socket_address_parse_one("[::1]%lo", -EINVAL, 0, NULL);
-        test_socket_address_parse_one("[::1]:1234%lo%lo", -ENODEV, 0, NULL);
+        test_socket_address_parse_one("[::1]:1234%lo%lo", -EINVAL, 0, NULL);
        test_socket_address_parse_one("[::1]:1234%xxxxasdf", -ENODEV, 0, NULL);
        test_socket_address_parse_one("192.168.1.254:8888", 0, AF_INET, NULL);
        test_socket_address_parse_one("/foo/bar", 0, AF_UNIX, NULL);