From b7ad73de3e4b129414a084ee6282f65736a69769 Mon Sep 17 00:00:00 2001
From: Zhenlei Huang <zlei@FreeBSD.org>
Date: Mon, 3 Apr 2023 01:54:31 +0800
Subject: [PATCH] ifconfig: Improve VLAN identifier parsing

VLAN identifier 0xFFF is reserved. It must not be configured or
transmitted.

Also validate during parsing to prevent potential integer overflow.

Reviewed by:	#network, melifaro
Fixes:		c7cffd65c5d85 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D39282

(cherry picked from commit 28b498e65ab40975ea12393498bacd6249b7204c)
---
 sbin/ifconfig/ifvlan.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sbin/ifconfig/ifvlan.c b/sbin/ifconfig/ifvlan.c
index 74d683ebb55a..53f2e68fa2fd 100644
--- a/sbin/ifconfig/ifvlan.c
+++ b/sbin/ifconfig/ifvlan.c
@@ -121,7 +121,7 @@ vlan_parse_ethervid(const char *name)
 {
 	char ifname[IFNAMSIZ];
 	char *cp;
-	int vid;
+	unsigned int vid;
 
 	strlcpy(ifname, name, IFNAMSIZ);
 	if ((cp = strrchr(ifname, '.')) == NULL)
@@ -134,9 +134,12 @@ vlan_parse_ethervid(const char *name)
 		errx(1, "invalid vlan tag");
 
 	vid = *cp++ - '0';
-	while ((*cp >= '0') && (*cp <= '9'))
+	while ((*cp >= '0') && (*cp <= '9')) {
 		vid = (vid * 10) + (*cp++ - '0');
-	if ((*cp != '\0') || (vid & ~0xFFF))
+		if (vid >= 0xFFF)
+			errx(1, "invalid vlan tag");
+	}
+	if (*cp != '\0')
 		errx(1, "invalid vlan tag");
 
 	/*