Thu Aug 27 03:05:34 2020 UTC ()
wg: Make sure all paths into wg_handle_msg_data guarantee enough m_len.

Earlier commit moved the m_pullup into wg_validate_msg_header, but
wg_overudp_cb doesn't go through that.


(riastradh)
diff -r1.28 -r1.29 src/sys/net/if_wg.c
cvs diff -r1.28 -r1.29 src/sys/net/if_wg.c (expand / switch to unified diff)

--- src/sys/net/if_wg.c 2020/08/27 02:55:04 1.28
+++ src/sys/net/if_wg.c 2020/08/27 03:05:34 1.29
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: if_wg.c,v 1.28 2020/08/27 02:55:04 riastradh Exp $ */ 1/* $NetBSD: if_wg.c,v 1.29 2020/08/27 03:05:34 riastradh Exp $ */
2 2
3/* 3/*
4 * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com> 4 * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -31,27 +31,27 @@ @@ -31,27 +31,27 @@
31 31
32/* 32/*
33 * This network interface aims to implement the WireGuard protocol. 33 * This network interface aims to implement the WireGuard protocol.
34 * The implementation is based on the paper of WireGuard as of 34 * The implementation is based on the paper of WireGuard as of
35 * 2018-06-30 [1]. The paper is referred in the source code with label 35 * 2018-06-30 [1]. The paper is referred in the source code with label
36 * [W]. Also the specification of the Noise protocol framework as of 36 * [W]. Also the specification of the Noise protocol framework as of
37 * 2018-07-11 [2] is referred with label [N]. 37 * 2018-07-11 [2] is referred with label [N].
38 * 38 *
39 * [1] https://www.wireguard.com/papers/wireguard.pdf 39 * [1] https://www.wireguard.com/papers/wireguard.pdf
40 * [2] http://noiseprotocol.org/noise.pdf 40 * [2] http://noiseprotocol.org/noise.pdf
41 */ 41 */
42 42
43#include <sys/cdefs.h> 43#include <sys/cdefs.h>
44__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.28 2020/08/27 02:55:04 riastradh Exp $"); 44__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.29 2020/08/27 03:05:34 riastradh Exp $");
45 45
46#ifdef _KERNEL_OPT 46#ifdef _KERNEL_OPT
47#include "opt_inet.h" 47#include "opt_inet.h"
48#endif 48#endif
49 49
50#include <sys/param.h> 50#include <sys/param.h>
51#include <sys/systm.h> 51#include <sys/systm.h>
52#include <sys/kernel.h> 52#include <sys/kernel.h>
53#include <sys/mbuf.h> 53#include <sys/mbuf.h>
54#include <sys/socket.h> 54#include <sys/socket.h>
55#include <sys/sockio.h> 55#include <sys/sockio.h>
56#include <sys/errno.h> 56#include <sys/errno.h>
57#include <sys/ioctl.h> 57#include <sys/ioctl.h>
@@ -2945,26 +2945,31 @@ wg_overudp_cb(struct mbuf **mp, int offs @@ -2945,26 +2945,31 @@ wg_overudp_cb(struct mbuf **mp, int offs
2945 */ 2945 */
2946 m_copydata(m, offset, sizeof(struct wg_msg), &wgm); 2946 m_copydata(m, offset, sizeof(struct wg_msg), &wgm);
2947 WG_DLOG("type=%d\n", wgm.wgm_type); 2947 WG_DLOG("type=%d\n", wgm.wgm_type);
2948 2948
2949 /* 2949 /*
2950 * Handle DATA packets promptly as they arrive. Other packets 2950 * Handle DATA packets promptly as they arrive. Other packets
2951 * may require expensive public-key crypto and are not as 2951 * may require expensive public-key crypto and are not as
2952 * sensitive to latency, so defer them to the worker thread. 2952 * sensitive to latency, so defer them to the worker thread.
2953 */ 2953 */
2954 switch (wgm.wgm_type) { 2954 switch (wgm.wgm_type) {
2955 case WG_MSG_TYPE_DATA: 2955 case WG_MSG_TYPE_DATA:
2956 /* handle immediately */ 2956 /* handle immediately */
2957 m_adj(m, offset); 2957 m_adj(m, offset);
 2958 if (__predict_false(m->m_len < sizeof(struct wg_msg_data))) {
 2959 m = m_pullup(m, sizeof(struct wg_msg_data));
 2960 if (m == NULL)
 2961 return -1;
 2962 }
2958 wg_handle_msg_data(wg, m, src); 2963 wg_handle_msg_data(wg, m, src);
2959 *mp = NULL; 2964 *mp = NULL;
2960 return 1; 2965 return 1;
2961 case WG_MSG_TYPE_INIT: 2966 case WG_MSG_TYPE_INIT:
2962 case WG_MSG_TYPE_RESP: 2967 case WG_MSG_TYPE_RESP:
2963 case WG_MSG_TYPE_COOKIE: 2968 case WG_MSG_TYPE_COOKIE:
2964 /* pass through to so_receive in wg_receive_packets */ 2969 /* pass through to so_receive in wg_receive_packets */
2965 return 0; 2970 return 0;
2966 default: 2971 default:
2967 /* drop on the floor */ 2972 /* drop on the floor */
2968 m_freem(m); 2973 m_freem(m);
2969 return -1; 2974 return -1;
2970 } 2975 }