[Libguestfs] Why does libxml2 limit port numbers to 999,999,999?

Richard W.M. Jones rjones at redhat.com
Sat Oct 17 10:24:31 UTC 2020 

The AF_VSOCK protocol added in Linux 5.6 uses a 32 bit port number.

For NBD we map this to simple URIs[1] like nbd+vsock://CID:PORT (where
CID is a number that acts a bit like a hostname and PORT is a 32 bit
port number).  eg: nbd+vsock://1:1000000000/ would be port 10^9 on the
loopback address VMADDR_CID_LOCAL (== 1).

The problem is that libxml2 arbitrarily limits port numbers to
999,999,999.  I don't see any support for this limit in RFC 3986 [2].

Here is the code:

  https://github.com/GNOME/libxml2/blob/46837d47d59c7b8c9bd1d08a6a717a90a7f1ceb6/uri.c#L333

It doesn't even return an error, just truncates the port number.  You
can see the problem with the program [3] below.

It seems like libxml2 chose to do this for convenience rather than
correctness.  I think it should accept port numbers at least up to
signed int (the type used to store port numbers), and give an error if
the port number overflows.

Is there anything I'm missing or would a patch which implements that
be acceptable?

Also could the uri->port field be changed to unsigned int without
breaking ABI?

Rich.

[1] https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md

[2] https://tools.ietf.org/html/rfc3986#section-3.2.3

[3]
  $ cat port.c
  #include <stdio.h>
  #include <stdlib.h>
  #include <stdint.h>
  #include <inttypes.h>
  #include <libxml/uri.h>

  int
  main (int argc, char *argv[])
  {
    xmlURIPtr uri = xmlParseURI (argv[1]);
    if (!uri) {
      fprintf (stderr, "xmlParseURI failed\n");
      exit (EXIT_FAILURE);
    }
    printf ("%s => uri->port = %d\n", argv[1], uri->port);
    exit (EXIT_SUCCESS);
  }

  $ ./port nbd+vsock://1:1000
  nbd+vsock://1:1000 => uri->port = 1000
  $ ./port nbd+vsock://1:100000
  nbd+vsock://1:100000 => uri->port = 100000
  $ ./port nbd+vsock://1:10000000
  nbd+vsock://1:10000000 => uri->port = 10000000
  $ ./port nbd+vsock://1:1000000000
  nbd+vsock://1:1000000000 => uri->port = 99999999


-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

More information about the Libguestfs mailing list