author | Jake McGinty <me@jake.su> | 2018-03-09 04:50:00 +0000 |
---|---|---|
committer | Jake McGinty <me@jake.su> | 2018-03-09 04:50:00 +0000 |
commit | a5bad2984b404b91670bbb634c79102b476a0b5a (patch) | |
tree | 5a445edb8fe02fed379807e2170c2a7489b29524 /src/peer.rs | |
parent | global: tidying up (diff) | |
peer: zero out sessions when they're dropped
NOTE: I'm not entirely sure this is sufficient, but it's a start.
Diffstat (limited to 'src/peer.rs')
-rw-r--r-- | src/peer.rs | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/peer.rs b/src/peer.rs index 8bbc763..6fedf6f 100644 --- a/src/peer.rs +++ b/src/peer.rs @@ -1,5 +1,6 @@ use anti_replay::AntiReplay; use byteorder::{ByteOrder, LittleEndian}; +use clear_on_drop::clear::{Clear, InitializableFromZeroed}; use consts::{TRANSPORT_OVERHEAD, TRANSPORT_HEADER_SIZE, REKEY_AFTER_MESSAGES, REKEY_AFTER_TIME, REKEY_AFTER_TIME_RECV, REJECT_AFTER_TIME, REJECT_AFTER_MESSAGES, PADDING_MULTIPLE, MAX_QUEUED_PACKETS}; @@ -94,6 +95,15 @@ impl Session { }) } } +impl InitializableFromZeroed for Session { + unsafe fn initialize(_place: *mut Self) {} +} + +fn wipe_session(mut session: Session) -> u32 { + let index = session.our_index; + session.clear(); + index +} pub struct IncompleteIncomingHandshake { their_index : u32, @@ -122,7 +132,7 @@ impl Sessions { mem::replace(&mut self.current, None), mem::replace(&mut self.next, None)]; - indices.into_iter().filter_map(|sesh| sesh.map(|s| s.our_index)).collect() + indices.into_iter().filter_map(|sesh| sesh.map(wipe_session)).collect() } } @@ -231,7 +241,7 @@ impl Peer { let old_next = mem::replace(&mut self.sessions.next, Some(session)); let dead_index = if old_next.is_some() { - mem::replace(&mut self.sessions.past, old_next).map(|session| session.our_index) + mem::replace(&mut self.sessions.past, old_next).map(wipe_session) } else { None }; @@ -274,7 +284,7 @@ impl Peer { let old_next = mem::replace(&mut self.sessions.next, Some(next_session.into_transport_mode()?)); let dead_index = if old_next.is_some() { - mem::replace(&mut self.sessions.past, old_next).map(|session| session.our_index) + mem::replace(&mut self.sessions.past, old_next).map(wipe_session) } else { None }; @@ -315,7 +325,7 @@ impl Peer { let current = mem::replace(&mut self.sessions.current, Some(session)); let dead = mem::replace(&mut self.sessions.past, current); - Ok(dead.map(|session| session.our_index)) + Ok(dead.map(wipe_session)) } pub fn handle_incoming_transport(&mut self, addr: SocketAddr, packet: &Transport) 
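Review bot: The empty `initialize` in `impl InitializableFromZeroed for Session` (hunk at -94) asserts that an all-zero `Session` is a valid value, and `wipe_session` then lets that zeroed value drop when the function returns. Session's fields are not visible in this hunk; if any of them owns a heap allocation or a non-nullable pointer, the blanket `Clear` impl (as I read clear_on_drop, it drops the value in place and zeroes only the struct's own bytes) would free that memory unwiped, and the final drop would run on an invalid value. Key material held behind such a pointer would then survive on the heap, which matches the doubt in the commit message. At minimum, document the invariant above the impl, e.g. `// SAFETY: every field of Session must be valid and droppable as all-zero bytes; heap data behind pointers is NOT wiped by clear()`.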
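Review bot: `wipe_session` takes the `Session` by value, so in `sesh.map(wipe_session)` (hunk at -122) the wipe reaches only the copy moved into the call; the bytes left in the `Option` slots emptied by `mem::replace` and in the `indices` array are not zeroed. The same applies to every `.map(wipe_session)` call in the `impl Peer` hunks at -231, -274, -315 and -357. Whether a stale copy actually remains depends on how the compiler lowers the moves, so this is a residual-exposure concern rather than a certain leak. It is worth recording next to the helper, e.g. `// NOTE: clears only the moved-in copy; moved-from slots may still hold stale session bytes`, or keeping sessions behind one stable allocation (for instance `ClearOnDrop<Box<Session>>`) so a single location is wiped. The enclosing function begins outside the hunk.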
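Review bot: In the hunk at -274, `next_session.into_transport_mode()?` can return early, and on that path whatever `next_session` holds is presumably dropped without passing through `wipe_session`. More generally the wipe is tied to these call sites rather than to drop time, so any `Session` released elsewhere (for example when the owning `Peer` goes away, which is not visible here) would skip it; that is narrower than the commit title suggests. A short comment at the call, e.g. `// NOTE: the error path drops next_session unwiped`, would record the gap until zeroing moves to a drop-time wrapper. The enclosing function starts and ends outside the hunk.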
@@ -357,7 +367,7 @@ impl Peer { self.sessions.current.as_mut().unwrap().birthday = Timestamp::now(); self.last_handshake = Timestamp::now(); - Some(dead.map(|session| session.our_index)) + Some(dead.map(wipe_session)) } else { None }; |