authorJason A. Donenfeld <Jason@zx2c4.com>2016-07-03 22:04:51 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2016-07-03 22:04:51 +0200
commit16408793ce3c51bdae2cc09a1d2bd05b80d231bb (patch)
tree7f1bdc2cf56d39008d4e741532f8a255db53bc14
parenttools: always fallback to /dev/urandom (diff)
receive: protect against impossible conditions
It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly.
-rw-r--r--src/receive.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c
index 227b276..1b86489 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -47,6 +47,10 @@ static inline int skb_data_offset(struct sk_buff *skb, size_t *data_offset, size
udp = udp_hdr(skb);
*data_offset = (u8 *)udp - skb->data;
+ if (unlikely(*data_offset > U16_MAX)) {
+ net_dbg_ratelimited("Packet has offset at impossible location from %pISpfsc\n", &addr);
+ return -EINVAL;
+ }
if (unlikely(*data_offset + sizeof(struct udphdr) > skb->len)) {
net_dbg_ratelimited("Packet isn't big enough to have UDP fields from %pISpfsc\n", &addr);
return -EINVAL;
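Review bot: The added `*data_offset > U16_MAX` guard in skb_data_offset carries two security-relevant properties that the code does not state, so a later cleanup could drop it as redundant. Because `data_offset` is a `size_t *`, a transport header that ended up before `skb->data` would make the pointer difference wrap to a huge unsigned value, and this check rejects that case as well as an oversized positive offset. It also guarantees that `*data_offset + sizeof(struct udphdr)` in the next test cannot overflow. I would put a comment above the new `if`, for example `/* Also catches a negative (wrapped) difference and keeps the additions below from overflowing size_t. */`. Since the condition signals a broken invariant in the network stack rather than a malformed packet, it may also deserve something more visible than `net_dbg_ratelimited`, which is presumably silent in non-debug builds. The function body starts and ends outside this hunk.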