From bbc13c5bb6f0f41207fa5bc4d7ad44c2b4f58336 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 21 Nov 2018 18:19:04 +0100
Subject: [PATCH] lldp: fix parsing of vlan-name attribute

We used to read 3 bytes after the TLV, fix this.

Also, check that string length is at most 32 bytes as specified in
figure E.3 of IEEE 802.1AB-2009.

Fixes: 18133ea1428648781dba74c26dd5d118e8d5ce33

https://bugzilla.redhat.com/show_bug.cgi?id=1652210
(cherry picked from commit e9097787102442d1db6e1ebfbe07140bf05318a2)
(cherry picked from commit 05c27c3c504c776b2ff3f3e34e717300c5ac1a0f)
(cherry picked from commit 6d4ad477b81e495a35767c996c9f4ad69f58e135)
(cherry picked from commit b97d38e5799834474004b6cba2ddda3223ac5b1d)
(cherry picked from commit 73b572e001b8f3e36c35b6e7aa59daac8be3c745)
(cherry picked from commit d8c41cd8b02d29245b07f0df0189b084ad048e1c)
(cherry picked from commit 740826467443fe09096a0c4893612313844498e6)
---
 src/devices/nm-lldp-listener.c | 4 +++-
 src/devices/tests/test-lldp.c  | 5 ++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c
index 9cc1d08680..114a4ef27c 100644
--- a/src/devices/nm-lldp-listener.c
+++ b/src/devices/nm-lldp-listener.c
@@ -515,11 +515,13 @@ lldp_neighbor_new (sd_lldp_neighbor *neighbor_sd, GError **error)
 				l = data8[2];
 				if (len != 3 + l)
 					continue;
+				if (l > 32)
+					continue;
 
 				_lldp_attr_set_uint32 (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VID,
 				                       _access_uint16 (&data8[0]));
 				_lldp_attr_set_str_ptr (neigh->attrs, LLDP_ATTR_ID_IEEE_802_1_VLAN_NAME,
-				                        &data8[3], len);
+				                        &data8[3], l);
 				break;
 			}
 			default:
diff --git a/src/devices/tests/test-lldp.c b/src/devices/tests/test-lldp.c
index bff85e6c94..38a7972f8f 100644
--- a/src/devices/tests/test-lldp.c
+++ b/src/devices/tests/test-lldp.c
@@ -222,11 +222,10 @@ TEST_RECV_FRAME_DEFINE (_test_recv_data1_frame0,
 	0x01, 0xe8,
 	0xfe, 0x07, 0x00, 0x80, 0xc2, 0x02, /* IEEE 802.1 - Port and Protocol VLAN ID */
 	0x01, 0x00, 0x00,
-	0xfe, 0x17, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */
-	0x01, 0xe8, 0x10, 0x76, 0x32, 0x2d,
+	0xfe, 0x16, 0x00, 0x80, 0xc2, 0x03, /* IEEE 802.1 - VLAN Name */
+	0x01, 0xe8, 0x0f, 0x76, 0x32, 0x2d,
 	0x30, 0x34, 0x38, 0x38, 0x2d, 0x30,
 	0x33, 0x2d, 0x30, 0x35, 0x30, 0x35,
-	0x00,
 	0xfe, 0x05, 0x00, 0x80, 0xc2, 0x04, /* IEEE 802.1 - Protocol Identity */
 	0x00,
 	0x00, 0x00                          /* End of LLDPDU */