From b97d38e5799834474004b6cba2ddda3223ac5b1d Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 21 Nov 2018 18:19:04 +0100
Subject: [PATCH] lldp: fix parsing of vlan-name attribute

We used to read 3 bytes after the TLV, fix this.

Also, check that string length is at most 32 bytes as specified in
figure E.3 of IEEE 802.1AB-2009.

Fixes: 18133ea1428648781dba74c26dd5d118e8d5ce33

https://bugzilla.redhat.com/show_bug.cgi?id=1652210
(cherry picked from commit e9097787102442d1db6e1ebfbe07140bf05318a2)
(cherry picked from commit 05c27c3c504c776b2ff3f3e34e717300c5ac1a0f)
(cherry picked from commit 6d4ad477b81e495a35767c996c9f4ad69f58e135)
---
 src/devices/nm-lldp-listener.c | 4 +++-
 src/devices/tests/test-lldp.c  | 5 ++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c
index 2ed2a7d9fa..bef238164e 100644
--- a/src/devices/nm-lldp-listener.c
+++ b/src/devices/nm-lldp-listener.c
@@ -532,11 +532,13 @@ lldp_neighbor_new (sd_lldp_neighbor *neighbor_sd, GError **error)
 				l = data8[2];
 				if (len != 3 + l)
 					continue;
+				if (l > 32)
+					continue;
 
 				_lldp_attr_set_uint32 (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VID,
 				                       _access_uint16 (&data8[0]));
 				_lldp_attr_set_str_ptr (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VLAN_NAME,
-				                        &data8[3], len);
+				                        &data8[3], l);
 				break;
 			}
 			default:
diff --git a/src/devices/tests/test-lldp.c b/src/devices/tests/test-lldp.c
index c3c4f0d2c5..2cf6bae103 100644
--- a/src/devices/tests/test-lldp.c
+++ b/src/devices/tests/test-lldp.c
@@ -220,11 +220,10 @@ TEST_RECV_FRAME_DEFINE (_test_recv_data1_frame0,
 	0x01, 0xe8,
 	0xfe, 0x07, 0x00, 0x80, 0xc2, 0x02, /* IEEE 802.1 - Port and Protocol VLAN ID */
 	0x01, 0x00, 0x00,
-	0xfe, 0x17, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */
-	0x01, 0xe8, 0x10, 0x76, 0x32, 0x2d,
+	0xfe, 0x16, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */
+	0x01, 0xe8, 0x0f, 0x76, 0x32, 0x2d,
 	0x30, 0x34, 0x38, 0x38, 0x2d, 0x30,
 	0x33, 0x2d, 0x30, 0x35, 0x30, 0x35,
-	0x00,
 	0xfe, 0x05, 0x00, 0x80, 0xc2, 0x04, /* IEEE 802.1 - Protocol Identity */
 	0x00,
 	0x00, 0x00                          /* End of LLDPDU */