TunnelManager: bound recursion in startActivation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2018-10-31 15:58:03 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2018-10-31 15:58:03 +0100
commit: ecb6035d363deb78ed0d94b016eefde2448920ea (patch)
tree: b32cd12f48f59c73367cdc1a257484546f2bd612 /WireGuard/WireGuard/VPN
parent: VPN: Retry startTunnel based on error conditions (diff)
download: wireguard-apple-ecb6035d363deb78ed0d94b016eefde2448920ea.tar.xz
wireguard-apple-ecb6035d363deb78ed0d94b016eefde2448920ea.zip
1 files changed, 11 insertions, 3 deletions
diff --git a/WireGuard/WireGuard/VPN/TunnelsManager.swift b/WireGuard/WireGuard/VPN/TunnelsManager.swift
index 5a5c5d5..2e28689 100644
--- a/WireGuard/WireGuard/VPN/TunnelsManager.swift
+++ b/WireGuard/WireGuard/VPN/TunnelsManager.swift
@@ -321,9 +321,17 @@ class TunnelContainer: NSObject {
         }
     }
 
-    fileprivate func startActivation(tunnelConfiguration: TunnelConfiguration,
+    fileprivate func startActivation(recursionCount: UInt = 0,
+                                     lastError: Error? = nil,
+                                     tunnelConfiguration: TunnelConfiguration,
                                      resolvedEndpoints: [Endpoint?],
                                      completionHandler: @escaping (Error?) -> Void) {
+        if (recursionCount >= 8) {
+            os_log("startActivation: Failed after 8 attempts. Giving up with %{public}@.", log: OSLog.default, type: .error, "\(lastError!)")
+            completionHandler(lastError)
+            return
+        }
+
         // resolvedEndpoints should contain only IP addresses, not any named endpoints
         assert(resolvedEndpoints.allSatisfy { (resolvedEndpoint) in
             guard let resolvedEndpoint = resolvedEndpoint else { return true }
@@ -349,7 +357,7 @@ class TunnelContainer: NSObject {
                 }
                 os_log("startActivation: Tunnel saved after re-enabling.", log: OSLog.default, type: .info)
                 os_log("startActivation: Invoking startActivation", log: OSLog.default, type: .debug)
-                self?.startActivation(tunnelConfiguration: tunnelConfiguration, resolvedEndpoints: resolvedEndpoints, completionHandler: completionHandler)
+                self?.startActivation(recursionCount: recursionCount + 1, lastError: NEVPNError(NEVPNError.configurationUnknown), tunnelConfiguration: tunnelConfiguration, resolvedEndpoints: resolvedEndpoints, completionHandler: completionHandler)
             }
             return
         }
@@ -392,7 +400,7 @@ class TunnelContainer: NSObject {
                 }
                 os_log("startActivation: Tunnel reloaded.", log: OSLog.default, type: .info)
                 os_log("startActivation: Invoking startActivation", log: OSLog.default, type: .debug)
-                self?.startActivation(tunnelConfiguration: tunnelConfiguration, resolvedEndpoints: resolvedEndpoints, completionHandler: completionHandler)
+                self?.startActivation(recursionCount: recursionCount + 1, lastError: vpnError, tunnelConfiguration: tunnelConfiguration, resolvedEndpoints: resolvedEndpoints, completionHandler: completionHandler)
             }
         }
     }
author	Jason A. Donenfeld <Jason@zx2c4.com>	2018-10-31 15:58:03 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2018-10-31 15:58:03 +0100
commit	ecb6035d363deb78ed0d94b016eefde2448920ea (patch)
tree	b32cd12f48f59c73367cdc1a257484546f2bd612 /WireGuard/WireGuard/VPN
parent	VPN: Retry startTunnel based on error conditions (diff)
download	wireguard-apple-ecb6035d363deb78ed0d94b016eefde2448920ea.tar.xz wireguard-apple-ecb6035d363deb78ed0d94b016eefde2448920ea.zip