socket-util: refuse ifnames with embedded '%' as invalid

So Linux has this (insane — in my opinion) "feature" that if you name a
network interface "foo%d" then it will automatically look for the
interface starting with "foo…" with the lowest number that is not used
yet and allocates that.

We should never clash with this "magic" handling of ifnames, hence
refuse this, since otherwise we never know what the name is we end up
with.

We should probably switch things from a deny list to an allow list
sooner or later and be much stricter. Since the kernel directly enforces
only very few rules on the names, we'd need to do some research what is
safe and what is not first, though.

1 files changed, 4 insertions, 1 deletions

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 8402e79c31..552ec053ff 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -787,7 +787,10 @@ bool ifname_valid_full(const char *p, IfnameValidFlags flags) {
                 if ((unsigned char) *t <= 32U)
                         return false;
 
-                if (IN_SET(*t, ':', '/'))
+                if (IN_SET(*t,
+                           ':',  /* colons are used by the legacy "alias" interface logic */
+                           '/',  /* slashes cannot work, since we need to use network interfaces in sysfs paths, and in paths slashes are separators */
+                           '%')) /* %d is used in the kernel's weird foo%d format string naming feature which we really really don't want to ever run into by accident */
                         return false;
 
                 numeric = numeric && (*t >= '0' && *t <= '9');