device: lock elem in autodraining queue before freeing

Without this, we wind up freeing packets that the encryption/decryption queues still have, resulting in a UaF. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2021-02-09 15:00:59 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2021-02-09 15:37:04 +0100
commit: 4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b (patch)
tree: 50c84857953c97478e3f3f7e9ebd97636f9c1129 /device
parent: device: remove listen port race in tests (diff)
download: wireguard-go-4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b.tar.xz
wireguard-go-4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/device/channels.go b/device/channels.go
index 8cd6aee..4bd6090 100644
--- a/device/channels.go
+++ b/device/channels.go
@@ -89,6 +89,7 @@ func newAutodrainingInboundQueue(device *Device) chan *QueueInboundElement {
 				if elem == nil {
 					continue
 				}
+				elem.Lock()
 				device.PutMessageBuffer(elem.buffer)
 				device.PutInboundElement(elem)
 			default:
@@ -118,6 +119,7 @@ func newAutodrainingOutboundQueue(device *Device) chan *QueueOutboundElement {
 				if elem == nil {
 					continue
 				}
+				elem.Lock()
 				device.PutMessageBuffer(elem.buffer)
 				device.PutOutboundElement(elem)
 			default:
author	Jason A. Donenfeld <Jason@zx2c4.com>	2021-02-09 15:00:59 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2021-02-09 15:37:04 +0100
commit	4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b (patch)
tree	50c84857953c97478e3f3f7e9ebd97636f9c1129 /device
parent	device: remove listen port race in tests (diff)
download	wireguard-go-4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b.tar.xz wireguard-go-4b5d15ec2b1f148b4f718ed16d7e7f022b19fe1b.zip