diff options
| author |   florian <florian@openbsd.org> | 2019-01-29 19:13:01 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2019-01-29 19:13:01 +0000 |
| commit | 2b8219780b5257b9cd0885cd3f7c2aaf1ac79f82 (patch) | |
| tree | 8e952def36fb0353ea37cd108eb1485add54e380 /sys | |
| parent | nl in forwarder line is optional, makes the grammar conform more to manual (diff) | |
| download | wireguard-openbsd-2b8219780b5257b9cd0885cd3f7c2aaf1ac79f82.tar.xz wireguard-openbsd-2b8219780b5257b9cd0885cd3f7c2aaf1ac79f82.zip | |
Make imsg processing much more paranoid.
If it comes from one of our processes and the size does not match what
we expect call fatalx to crash and burn. We either hit a logic bug or
something is fishy on the other end and we can't trust that process
any longer. Not that we trust those processes to begin with.
This also applies to receiving resources that we don't expect. For
example if we have an open UDP listen socket and get a new one passed
from the main process something is wrong and we should crash and burn.
The only place where we are more lenient is on the control socket. We
just ignore wrong sized messages so that users can't bring down
unwind.
Diffstat (limited to 'sys')
0 files changed, 0 insertions, 0 deletions