diff options
| author |   Jordan Whited <jordan@tailscale.com> | 2023-03-09 10:46:12 -0800 |
|---|---|---|
| committer |   Jason A. Donenfeld <Jason@zx2c4.com> | 2023-03-10 14:52:32 +0100 |
| commit | 6901984f6aa6de37a7b3979134f8b29c81735861 (patch) | |
| tree | 7c5cdf23474e875487eb393eac395488a3fce7db | |
| parent | conn: fix StdNetBind fallback on Windows (diff) | |
| download | wireguard-go-6901984f6aa6de37a7b3979134f8b29c81735861.tar.xz wireguard-go-6901984f6aa6de37a7b3979134f8b29c81735861.zip | |
conn: ensure control message size is respected in StdNetBind
This commit re-slices received control messages in StdNetBind to the
value the OS reports on a successful read. Previously, the len of this
slice would always be srcControlSize, which could result in control
message values leaking through a sync.Pool round trip. This is
unlikely with the IP_PKTINFO socket option set successfully, but
should be guarded against.
Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | conn/bind_std.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/conn/bind_std.go b/conn/bind_std.go index a842b12..0266d6b 100644 --- a/conn/bind_std.go +++ b/conn/bind_std.go @@ -229,7 +229,7 @@ func (s *StdNetBind) makeReceiveIPv4(pc *ipv4.PacketConn, conn *net.UDPConn) Rec sizes[i] = msg.N addrPort := msg.Addr.(*net.UDPAddr).AddrPort() ep := asEndpoint(addrPort) - getSrcFromControl(msg.OOB, ep) + getSrcFromControl(msg.OOB[:msg.NN], ep) eps[i] = ep } return numMsgs, nil @@ -262,7 +262,7 @@ func (s *StdNetBind) makeReceiveIPv6(pc *ipv6.PacketConn, conn *net.UDPConn) Rec sizes[i] = msg.N addrPort := msg.Addr.(*net.UDPAddr).AddrPort() ep := asEndpoint(addrPort) - getSrcFromControl(msg.OOB, ep) + getSrcFromControl(msg.OOB[:msg.NN], ep) eps[i] = ep } return numMsgs, nil |