go-bridge: dup tunFd so as to not confuse NetworkExtension

The extension isn't banking on tunFd being closed ever, so dup it before
handing it to the rest of wireguard-go.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 11 insertions, 2 deletions

diff --git a/wireguard-go-bridge/api-ios.go b/wireguard-go-bridge/api-ios.go
index 93dd323..d6eccd8 100644
--- a/wireguard-go-bridge/api-ios.go
+++ b/wireguard-go-bridge/api-ios.go
@@ -90,15 +90,22 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 		Info:  log.New(&CLogger{level: 1}, "", 0),
 		Error: log.New(&CLogger{level: 2}, "", 0),
 	}
+	dupTunFd, err := unix.Dup(int(tunFd))
+	if err != nil {
+		logger.Error.Println(err)
+		return -1
+	}
 
-	err := unix.SetNonblock(int(tunFd), true)
+	err = unix.SetNonblock(dupTunFd, true)
 	if err != nil {
 		logger.Error.Println(err)
+		unix.Close(dupTunFd)
 		return -1
 	}
-	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(tunFd), "/dev/tun"), 0)
+	tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
 	if err != nil {
 		logger.Error.Println(err)
+		unix.Close(dupTunFd)
 		return -1
 	}
 	logger.Info.Println("Attaching to interface")
@@ -107,6 +114,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 	setError := device.IpcSetOperation(bufio.NewReader(strings.NewReader(C.GoString(settings))))
 	if setError != nil {
 		logger.Error.Println(setError)
+		unix.Close(dupTunFd)
 		return -1
 	}
 
@@ -120,6 +128,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
 		}
 	}
 	if i == math.MaxInt32 {
+		unix.Close(dupTunFd)
 		return -1
 	}
 	tunnelHandles[i] = tunnelHandle{device, logger}