From a27328ed72187d3956b2339afc02d5881af730a6 Mon Sep 17 00:00:00 2001
From: Jeroen Leenarts <jeroen.leenarts@gmail.com>
Date: Sun, 12 Aug 2018 21:39:39 +0200
Subject: Do not read from packetFlow when tunnel is not yet fully initialized
 and configured.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 WireGuardNetworkExtension/WireGuardGoWrapper.m | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'WireGuardNetworkExtension/WireGuardGoWrapper.m')

diff --git a/WireGuardNetworkExtension/WireGuardGoWrapper.m b/WireGuardNetworkExtension/WireGuardGoWrapper.m
index cda62b4..2d6056d 100644
--- a/WireGuardNetworkExtension/WireGuardGoWrapper.m
+++ b/WireGuardNetworkExtension/WireGuardGoWrapper.m
@@ -37,6 +37,8 @@ static void do_log(int level, const char *tag, const char *msg);
 {
     self = [super init];
     if (self) {
+        self.handle = -1;
+        self.configured = false;
         self.condition = [NSCondition new];
     }
     return self;
@@ -59,7 +61,9 @@ static void do_log(int level, const char *tag, const char *msg);
 - (void) turnOff
 {
     self.isClosed = YES;
+    self.configured = NO;
     wgTurnOff(self.handle);
+    self.handle = -1;
 }
 
 + (NSString *)versionWireGuardGo {
@@ -83,6 +87,12 @@ static ssize_t do_read(const void *ctx, const unsigned char *buf, size_t len)
     WireGuardGoWrapper *wrapper = (__bridge WireGuardGoWrapper *)ctx;
     if (wrapper.isClosed) return -1;
 
+    if (wrapper.handle < 0 || !wrapper.configured ) {
+//        os_log_debug([WireGuardGoWrapper log], "do_read - early - on thread \"%{public}@\" - %d", NSThread.currentThread.name, (int)NSThread.currentThread);
+
+        return 0;
+    }
+
     if (wrapper.packets.count == 0) {
 
         dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0), ^{
-- 
cgit v1.2.3-59-g8ed1b