[pve-devel] [PATCH installer 1/6] sys: net: pinning: make interface name checks stricter

From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer 1/6] sys: net: pinning: make interface name checks stricter
Date: Thu, 13 Nov 2025 14:49:49 +0100	[thread overview]
Message-ID: <20251113135023.1038305-2-c.heiss@proxmox.com> (raw)
In-Reply-To: <20251113135023.1038305-1-c.heiss@proxmox.com>

According to our `pve-iface` schema, names must be at least two
characters long and start with a (latin) letter.

Reported-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 Proxmox/Sys/Net.pm            | 17 +++++++++++------
 proxinstall                   |  3 +--
 test/validate-link-pin-map.pl | 23 +++++++++++++++++++++--
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/Proxmox/Sys/Net.pm b/Proxmox/Sys/Net.pm
index 991f723..016a7f8 100644
--- a/Proxmox/Sys/Net.pm
+++ b/Proxmox/Sys/Net.pm
@@ -13,13 +13,16 @@ our @EXPORT_OK = qw(
     parse_ip_mask
     parse_fqdn
     validate_link_pin_map
+    MIN_IFNAME_LEN
     MAX_IFNAME_LEN
     DEFAULT_PIN_PREFIX
 );
 
-# Maximum length of the (primary) name of a network interface
-# IFNAMSIZ - 1 to account for NUL byte
 use constant {
+    # As dictated by the `pve-iface` schema.
+    MIN_IFNAME_LEN => 2,
+    # Maximum length of the (primary) name of a network interface.
+    # IFNAMSIZ - 1 to account for NUL byte
     MAX_IFNAME_LEN => 15,
     DEFAULT_PIN_PREFIX => 'nic',
 };
@@ -338,8 +341,10 @@ sub validate_link_pin_map : prototype($) {
     my $reverse_mapping = {};
 
     while (my ($mac, $name) = each %$mapping) {
-        if (!defined($name) || $name eq '') {
-            die "interface name for '$mac' cannot be empty\n";
+        if (!defined($name) || length($name) < MIN_IFNAME_LEN) {
+            die "interface name for '$mac' must be at least "
+                . MIN_IFNAME_LEN
+                . " characters long\n";
         }
 
         if (length($name) > MAX_IFNAME_LEN) {
@@ -353,8 +358,8 @@ sub validate_link_pin_map : prototype($) {
                 . "name must not be fully numeric\n";
         }
 
-        if ($name =~ m/^[0-9]/) {
-            die "interface name '$name' for '$mac' is invalid: name must not start with a number\n";
+        if ($name !~ m/^[a-z]/) {
+            die "interface name '$name' for '$mac' is invalid: name must start with a letter\n";
         }
 
         if ($name !~ m/^[a-zA-Z_][a-zA-Z0-9_]*$/) {
diff --git a/proxinstall b/proxinstall
index 49dd796..e3ea22e 100755
--- a/proxinstall
+++ b/proxinstall
@@ -37,8 +37,7 @@ use Proxmox::Sys;
 use Proxmox::Sys::Block qw(get_cached_disks);
 use Proxmox::Sys::Command qw(syscmd);
 use Proxmox::Sys::File qw(file_read_all file_write_all);
-use Proxmox::Sys::Net
-    qw(parse_ip_address parse_ip_mask validate_link_pin_map MAX_IFNAME_LEN DEFAULT_PIN_PREFIX);
+use Proxmox::Sys::Net qw(parse_ip_address parse_ip_mask validate_link_pin_map DEFAULT_PIN_PREFIX);
 use Proxmox::UI;
 
 my $step_number = 0; # Init number for global function list
diff --git a/test/validate-link-pin-map.pl b/test/validate-link-pin-map.pl
index 6386700..37e8387 100755
--- a/test/validate-link-pin-map.pl
+++ b/test/validate-link-pin-map.pl
@@ -8,7 +8,18 @@ use Test::More;
 use Proxmox::Sys::Net qw(validate_link_pin_map);
 
 eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '' }) };
-is($@, "interface name for 'ab:cd:ef:12:34:56' cannot be empty\n");
+is(
+    $@,
+    "interface name for 'ab:cd:ef:12:34:56' must be at least 2 characters long\n",
+    "empty name is rejected",
+);
+
+eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => 'a' }) };
+is(
+    $@,
+    "interface name for 'ab:cd:ef:12:34:56' must be at least 2 characters long\n",
+    "1 character name is rejected",
+);
 
 eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => 'waytoolonginterfacename' }) };
 is(
@@ -30,7 +41,15 @@ is(
 eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '0nic' }) };
 is(
     $@,
-    "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must not start with a number\n",
+    "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter\n",
+    "name starting with number is rejected",
+);
+
+eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '_a' }) };
+is(
+    $@,
+    "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter\n",
+    "name starting with underscore is rejected",
 );
 
 eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '12345' }) };
-- 
2.51.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

