authorJake McGinty <me@jake.su>2018-03-09 04:50:00 +0000
committerJake McGinty <me@jake.su>2018-03-09 04:50:00 +0000
commita5bad2984b404b91670bbb634c79102b476a0b5a (patch)
tree5a445edb8fe02fed379807e2170c2a7489b29524
parentglobal: tidying up (diff)
downloadwireguard-rs-a5bad2984b404b91670bbb634c79102b476a0b5a.tar.xz
wireguard-rs-a5bad2984b404b91670bbb634c79102b476a0b5a.zip
peer: zero out sessions when they're dropped
NOTE: I'm not entirely sure this is sufficient, but it's a start.
-rw-r--r--Cargo.lock10
-rw-r--r--Cargo.toml1
-rw-r--r--src/lib.rs1
-rw-r--r--src/peer.rs20
4 files changed, 27 insertions, 5 deletions
diff --git a/Cargo.lock b/Cargo.lock
index dfc9b50..4cd9c0a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -158,6 +158,14 @@ dependencies = [
]
[[package]]
+name = "clear_on_drop"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "cc 1.0.5 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
name = "colored"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1301,6 +1309,7 @@ dependencies = [
"bytes 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
"chacha20-poly1305-aead 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"chrono 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "clear_on_drop 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
"colored 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
"criterion 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
"daemonize 0.2.3 (git+https://github.com/mcginty/daemonize)",
@@ -1401,6 +1410,7 @@ dependencies = [
"checksum chacha20-poly1305-aead 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "77d2058ba29594f69c75e8a9018e0485e3914ca5084e3613cd64529042f5423b"
"checksum chrono 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7c20ebe0b2b08b0aeddba49c609fe7957ba2e33449882cb186a180bc60682fa9"
"checksum clap 2.30.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1c07b9257a00f3fc93b7f3c417fc15607ec7a56823bc2c37ec744e266387de5b"
+"checksum clear_on_drop 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "97276801e127ffb46b66ce23f35cc96bd454fa311294bced4bbace7baa8b1d17"
"checksum colored 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b0aa3473e85a3161b59845d6096b289bb577874cafeaf75ea1b1beaa6572c7fc"
"checksum constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8ff012e225ce166d4422e0e78419d901719760f62ae2b7969ca6b564d1b54a9e"
"checksum criterion 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9e8852a0db5351470bbae05adaf2f8247eb50bf61abad84dcddad025157a916c"
diff --git a/Cargo.toml b/Cargo.toml
index 2950455..6d3031e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,6 +34,7 @@ blake2-rfc = "0.2"
byteorder = "^1.2"
bytes = "0.4"
chacha20-poly1305-aead = "^0.1"
+clear_on_drop = "^0.2"
derive_deref = "^1.0"
failure = "^0.1"
futures = "^0.1"
diff --git a/src/lib.rs b/src/lib.rs
index a693518..d5dd0cf 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -19,6 +19,7 @@ extern crate blake2_rfc;
extern crate byteorder;
extern crate bytes;
extern crate chacha20_poly1305_aead;
+extern crate clear_on_drop;
extern crate hex;
extern crate mio;
extern crate nix;
diff --git a/src/peer.rs b/src/peer.rs
index 8bbc763..6fedf6f 100644
--- a/src/peer.rs
+++ b/src/peer.rs
@@ -1,5 +1,6 @@
use anti_replay::AntiReplay;
use byteorder::{ByteOrder, LittleEndian};
+use clear_on_drop::clear::{Clear, InitializableFromZeroed};
use consts::{TRANSPORT_OVERHEAD, TRANSPORT_HEADER_SIZE, REKEY_AFTER_MESSAGES, REKEY_AFTER_TIME,
REKEY_AFTER_TIME_RECV, REJECT_AFTER_TIME, REJECT_AFTER_MESSAGES, PADDING_MULTIPLE,
MAX_QUEUED_PACKETS};
@@ -94,6 +95,15 @@ impl Session {
})
}
}
+impl InitializableFromZeroed for Session {
+ unsafe fn initialize(_place: *mut Self) {}
+}
+
+fn wipe_session(mut session: Session) -> u32 {
+ let index = session.our_index;
+ session.clear();
+ index
+}
pub struct IncompleteIncomingHandshake {
their_index : u32,
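Review bot: The empty `initialize` in `impl InitializableFromZeroed for Session` asserts that an all-zero bit pattern is a valid `Session`, and nothing in the hunk says why that holds. As I read clear_on_drop's blanket `Clear` impl, `session.clear()` drops the value in place, zeroes its inline bytes and then calls `initialize`; `wipe_session` then drops `session` again on return, so if any field (the struct is defined outside this hunk) owns heap memory or holds a non-nullable pointer, that final drop runs on an invalid value. Heap buffers behind such fields would also be freed without being overwritten, because only the struct's own bytes are zeroed. I would zero the key-bearing fields explicitly, or at minimum state the invariant on the impl, e.g. `// SAFETY: every field of Session is valid when all-zero and owns no heap data, so zeroing then dropping is sound`, and check it against the struct definition.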
@@ -122,7 +132,7 @@ impl Sessions {
mem::replace(&mut self.current, None),
mem::replace(&mut self.next, None)];
- indices.into_iter().filter_map(|sesh| sesh.map(|s| s.our_index)).collect()
+ indices.into_iter().filter_map(|sesh| sesh.map(wipe_session)).collect()
}
}
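Review bot: `sesh.map(wipe_session)` moves each `Session` by value out of its `Option` before wiping it, so what gets zeroed is the moved copy; whether the bytes left in the old slot or in intermediate temporaries are overwritten depends on how the compiler lowers the move. The same applies to the four `.map(wipe_session)` call sites in `impl Peer` in the later hunks. Wiping also happens only at these explicit call sites, so a `Session` dropped by any other path (for example when the owning `Sessions` or `Peer` is dropped, which is not visible here) is not cleared. Consider wiping through a mutable reference before the slot is replaced, and documenting the limit at `wipe_session`, e.g. `// NOTE: only sessions retired through these call sites are wiped; other drops are not`. The enclosing function starts outside the hunk.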
@@ -231,7 +241,7 @@ impl Peer {
let old_next = mem::replace(&mut self.sessions.next, Some(session));
let dead_index = if old_next.is_some() {
- mem::replace(&mut self.sessions.past, old_next).map(|session| session.our_index)
+ mem::replace(&mut self.sessions.past, old_next).map(wipe_session)
} else {
None
};
@@ -274,7 +284,7 @@ impl Peer {
let old_next = mem::replace(&mut self.sessions.next, Some(next_session.into_transport_mode()?));
let dead_index = if old_next.is_some() {
- mem::replace(&mut self.sessions.past, old_next).map(|session| session.our_index)
+ mem::replace(&mut self.sessions.past, old_next).map(wipe_session)
} else {
None
};
@@ -315,7 +325,7 @@ impl Peer {
let current = mem::replace(&mut self.sessions.current, Some(session));
let dead = mem::replace(&mut self.sessions.past, current);
- Ok(dead.map(|session| session.our_index))
+ Ok(dead.map(wipe_session))
}
pub fn handle_incoming_transport(&mut self, addr: SocketAddr, packet: &Transport)
@@ -357,7 +367,7 @@ impl Peer {
self.sessions.current.as_mut().unwrap().birthday = Timestamp::now();
self.last_handshake = Timestamp::now();
- Some(dead.map(|session| session.our_index))
+ Some(dead.map(wipe_session))
} else {
None
};