From 3625f8d2843b37408d44a5a28654ba7c323b77ea Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 19 Apr 2021 15:10:23 -0600
Subject: tun: freebsd: avoid OOB writes

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 tun/tun_freebsd.go | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'tun')

diff --git a/tun/tun_freebsd.go b/tun/tun_freebsd.go
index 37f1a0c..c4c6b64 100644
--- a/tun/tun_freebsd.go
+++ b/tun/tun_freebsd.go
@@ -8,6 +8,7 @@ package tun
 import (
 	"errors"
 	"fmt"
+	"io"
 	"net"
 	"os"
 	"sync"
@@ -347,7 +348,13 @@ func (tun *NativeTun) Read(buff []byte, offset int) (int, error) {
 }
 
 func (tun *NativeTun) Write(buf []byte, offset int) (int, error) {
+	if offset < 4 {
+		return 0, io.ErrShortBuffer
+	}
 	buf = buf[offset-4:]
+	if len(buf) < 5 {
+		return 0, io.ErrShortBuffer
+	}
 	buf[0] = 0x00
 	buf[1] = 0x00
 	buf[2] = 0x00
-- 
cgit v1.2.3-59-g8ed1b