authorJason A. Donenfeld <Jason@zx2c4.com>2017-06-29 21:24:21 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-06-29 21:24:21 +0200
commit3f626a4a4a5fa2b4b4f5cb1838b5d254f1a250a1 (patch)
tree417f51d60690537a44b3c2c677e0037b8d63a87a /src/receive.c
parentreceive: fix off-by-one in packet length checking (diff)
receive: pull IP header into head
Diffstat (limited to 'src/receive.c')
-rw-r--r--src/receive.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c
index 3ce472b..a6e188c 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -206,6 +206,9 @@ void packet_consume_data_done(struct sk_buff *skb, struct wireguard_peer *peer,
if (skb_network_header(skb) < skb->head)
goto dishonest_packet_size;
+ if (unlikely(!(pskb_network_may_pull(skb, sizeof(struct iphdr)) && (ip_hdr(skb)->version == 4 || (ip_hdr(skb)->version == 6 && pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))))))
+ goto dishonest_packet_type;
+
skb->dev = dev;
skb->ip_summed = CHECKSUM_UNNECESSARY;
skb->protocol = skb_examine_untrusted_ip_hdr(skb);
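Review bot: The new one-line condition before `goto dishonest_packet_type` folds two different failures together: the header could not be pulled into the linear area, or the version nibble is neither 4 nor 6. A truncated packet is therefore counted and logged as "neither ipv4 nor ipv6", which misleads anyone triaging malformed traffic from a peer. Splitting it into separate checks, with pull failures going to the existing `dishonest_packet_size` label (assuming that label's handling, which is outside this hunk, fits a short header), keeps the two cases distinguishable and makes the nested negation easier to audit. Note also that only the fixed `sizeof(struct iphdr)` is guaranteed linear for IPv4; `ihl` is not consulted here, so any later reader of IPv4 options would need its own pull. The body of packet_consume_data_done starts and ends outside the hunk.

```c
	/* Untrusted inner packet: the header must be linear before ip_hdr()/ipv6_hdr() read it. */
	if (unlikely(!pskb_network_may_pull(skb, sizeof(struct iphdr))))
		goto dishonest_packet_size;
	if (ip_hdr(skb)->version == 6) {
		if (unlikely(!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))))
			goto dishonest_packet_size;
	} else if (unlikely(ip_hdr(skb)->version != 4)) {
		goto dishonest_packet_type;
	}
	/* … unchanged: skb->dev / ip_summed / protocol assignments … */
```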
@@ -221,6 +224,7 @@ void packet_consume_data_done(struct sk_buff *skb, struct wireguard_peer *peer,
if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
IP6_ECN_set_ce(skb, ipv6_hdr(skb));
} else {
+dishonest_packet_type:
++dev->stats.rx_errors;
++dev->stats.rx_frame_errors;
net_dbg_ratelimited("%s: Packet neither ipv4 nor ipv6 from peer %Lu (%pISpfsc)\n", netdev_pub(peer->device)->name, peer->internal_id, &peer->endpoint.addr);
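Review bot: The `dishonest_packet_type:` label is placed inside the final `else` branch, so the `goto` added in the first hunk jumps into the middle of an if/else chain. That works, but the second entry path is easy to miss when someone later edits the branch. A comment on the label such as `/* also reached by goto when the inner IP header cannot be pulled */` would make it visible. Alternatively, the stats-and-log block could move down next to the function's other error labels, if it has any beyond this hunk. The if/else chain begins and continues outside the hunk.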