diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-25 10:45:39 -0400 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-25 19:31:23 -0400 |
commit | cb7cd32a7c47151c161603cdc8a1c21f48550a65 (patch) | |
tree | 8180b39cfbabb320f80bd3bcc30565151bb00960 | |
parent | wg_noise: compile on 32-bit (diff) | |
download | wireguard-freebsd-cb7cd32a7c47151c161603cdc8a1c21f48550a65.tar.xz wireguard-freebsd-cb7cd32a7c47151c161603cdc8a1c21f48550a65.zip |
if_wg: do not increment error counter when sc is null
If sc is null, jumping to increment the counter means crash.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r-- | TODO.md | 5 | ||||
-rw-r--r-- | src/if_wg.c | 11 |
2 files changed, 12 insertions, 4 deletions
@@ -7,6 +7,11 @@ FreeBSD, just `capable()`, which makes it a bit weird for one jail to have permissions in another.) - Make code style consistent with one FreeBSD way, rather than a mix of styles. +- Send ICMP messages at the proper place. +- Review all included headers, and minimize a bit. +- Figure out clear locking rules for network stack stuff -- when different + functions run under what locks and what they race with. There's a lot of + weirdness with `wg_transmit`/`wg_output` to deal with. ### Crypto TODO diff --git a/src/if_wg.c b/src/if_wg.c index 095a4f3..19fccff 100644 --- a/src/if_wg.c +++ b/src/if_wg.c @@ -2073,7 +2073,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m) /* Work around lifetime issue in the ipv6 mld code. */ if (__predict_false((ifp->if_flags & IFF_DYING) || !sc)) { rc = ENXIO; - goto err; + goto err_free; } BPF_MTAP2(ifp, &af, sizeof(af), m); @@ -2084,12 +2084,12 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m) peer = wg_aip_lookup(sc, AF_INET6, &mtod(m, struct ip6_hdr *)->ip6_dst); } else { rc = EAFNOSUPPORT; - goto err; + goto err_counter; } if (__predict_false(peer == NULL)) { rc = ENOKEY; - goto err; + goto err_counter; } if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS))) { @@ -2110,10 +2110,13 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m) wg_peer_send_staged(peer); noise_remote_put(peer->p_remote); return (0); + err_peer: noise_remote_put(peer->p_remote); -err: +err_counter: if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); + /* TODO: send ICMP unreachable? */ +err_free: wg_packet_free(pkt); return (rc); } |