meta-flow: Be pickier about format of Ethernet addresses.

Otherwise, input with invalid trailing data was accepted, such as input
that had 7 colon-separated segments instead of 6.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>

diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index 8f67b94..11fdfaa 100644 (file)
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -2117,20 +2117,25 @@ mf_from_ethernet_string(const struct mf_field *mf, const char *s,
                         uint8_t mac[ETH_ADDR_LEN],
                         uint8_t mask[ETH_ADDR_LEN])
 {
-    ovs_assert(mf->n_bytes == ETH_ADDR_LEN);
+    int n;
 
-    switch (sscanf(s, ETH_ADDR_SCAN_FMT"/"ETH_ADDR_SCAN_FMT,
-                   ETH_ADDR_SCAN_ARGS(mac), ETH_ADDR_SCAN_ARGS(mask))){
-    case ETH_ADDR_SCAN_COUNT * 2:
-        return NULL;
+    ovs_assert(mf->n_bytes == ETH_ADDR_LEN);
 
-    case ETH_ADDR_SCAN_COUNT:
+    n = -1;
+    if (sscanf(s, ETH_ADDR_SCAN_FMT"%n", ETH_ADDR_SCAN_ARGS(mac), &n) > 0
+        && n == strlen(s)) {
         memset(mask, 0xff, ETH_ADDR_LEN);
         return NULL;
+    }
 
-    default:
-        return xasprintf("%s: invalid Ethernet address", s);
+    n = -1;
+    if (sscanf(s, ETH_ADDR_SCAN_FMT"/"ETH_ADDR_SCAN_FMT"%n",
+               ETH_ADDR_SCAN_ARGS(mac), ETH_ADDR_SCAN_ARGS(mask), &n) > 0
+        && n == strlen(s)) {
+        return NULL;
     }
+
+    return xasprintf("%s: invalid Ethernet address", s);
 }
 
 static char *