keepalive short-circuit and panic-safe

author: Jake McGinty <me@jake.su> 2018-02-10 15:38:12 +0000
committer: Jake McGinty <me@jake.su> 2018-02-10 15:38:12 +0000
commit: 598746aefe428c36d0bd3efab2c906bd1dc69aa5 (patch)
tree: 889878018959de17f5ae11c1e02dbc96a5161c55 /src
parent: consolidate handshake crypto (diff)
download: wireguard-rs-598746aefe428c36d0bd3efab2c906bd1dc69aa5.tar.xz
wireguard-rs-598746aefe428c36d0bd3efab2c906bd1dc69aa5.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/src/interface/peer_server.rs b/src/interface/peer_server.rs
index 79cbae3..36bbf6f 100644
--- a/src/interface/peer_server.rs
+++ b/src/interface/peer_server.rs
@@ -222,6 +222,10 @@ impl PeerServer {
                         peer.decrypt_transport_packet(our_index_received, nonce, &packet[16..])?
                     };
 
+                    if raw_packet.len() == 0 {
+                        return Ok(()) // short-circuit on keep-alives
+                    }
+
                     state.router.validate_source(&raw_packet, peer)?;
 
                     trace_packet("received TRANSPORT: ", &raw_packet);
diff --git a/src/ip_packet.rs b/src/ip_packet.rs
index 4aa7ecb..5f342b8 100644
--- a/src/ip_packet.rs
+++ b/src/ip_packet.rs
@@ -10,6 +10,10 @@ pub enum IpPacket<'a> {
 
 impl<'a> IpPacket<'a> {
     pub fn new(packet: &'a [u8]) -> Option<Self> {
+        if packet.len() == 0 {
+            return None;
+        }
+
         match packet[0] >> 4 {
             4 => Ipv4Packet::new(&packet).map(|packet| IpPacket::V4(packet)),
             6 => Ipv6Packet::new(&packet).map(|packet| IpPacket::V6(packet)),
author	Jake McGinty <me@jake.su>	2018-02-10 15:38:12 +0000
committer	Jake McGinty <me@jake.su>	2018-02-10 15:38:12 +0000
commit	598746aefe428c36d0bd3efab2c906bd1dc69aa5 (patch)
tree	889878018959de17f5ae11c1e02dbc96a5161c55 /src
parent	consolidate handshake crypto (diff)
download	wireguard-rs-598746aefe428c36d0bd3efab2c906bd1dc69aa5.tar.xz wireguard-rs-598746aefe428c36d0bd3efab2c906bd1dc69aa5.zip