| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
For languages that don't translate these, don't emit the place holder in
this ugly way. Instead fallback to ", " and " ".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
gob is positional; continue on a half-read value leaves the decoder
mid-payload, and the next iteration reads what follows as if it were
a new NotificationType. Return on any Decode error and let the pipe
close take down the reader. The empty-tunnel-name check has to move
below all four field decodes for the same reason, or it desyncs the
stream just like the failure path used to.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
NTFS journals the rename's metadata change but does not journal user
data. Without an explicit flush a power loss between the cache
manager publishing the rename and writing back the file's pages can
leave the destination at its final name with zero or partial
contents, while the prior file is gone.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
A per-cert decode failure shouldn't abort the whole enumeration:
just continue to the next cert. As a side effect, the next
CertEnumCertificatesInStore call frees this cert via its
predecessor-free contract, so no explicit free is needed either.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Without the splat the appended slice is passed as a single argument
to log.Fatal, which renders it as "[Error: <err>]" with the brackets
and the leading slice formatting visible in the console output.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
The writer publishes nextIndex and timeNs via atomic ops, but
WriteTo and FollowFromCursor used to memcpy the entire mapping and
then read those fields plain, which is a race. Drop the megabyte
snapshot and use matching atomic loads.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The watcher's setup is guarded by sync.Once, which is consumed the
moment the goroutine is spawned. If tunnelConfigurationsDirectory or
FindFirstChangeNotification fails on the first attempt the goroutine
exits, but every subsequent RegisterStoreChangeCallback sees the Once
already done and skips the spawn, so changes are silently never
reported again. Retry these initial failures on the existing
startover loop instead of bailing out.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The RtlPcToFileHeader hook consults loadedAddressRanges to identify
PCs that belong to manually-loaded modules. Entries were appended
during LoadLibrary but never removed when the module was freed, so
once the underlying allocation was returned to the OS and possibly
reused, the hook would still claim those PCs as ours and substitute
in a sentinel address, breaking unwind metadata lookup for whatever
legitimate module ended up at that range.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Falling through to the message pump after SetWinEventHook failure
wedges the secondary process forever, since the hook is the only
thing that would ever post WM_QUIT or signal the existing window.
GetMessage's -1 error return was also being treated as a normal
message and dispatched on uninitialised MSG state. Bail out with
os.Exit on the SetWinEventHook failure path, and on the message
loop translate WM_QUIT (m==0) and the GetMessage error (m<0) into
real exit codes so ExitProcess does not see them through a signed
cast that lands on 0xFFFFFFFF.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
The route-change and interface-change callbacks run on separate
threads from the IP Helper notification pool and both touch the
same lastLUID/lastIndex/lastMTU state.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
RtlAddFunctionTable keeps a kernel-side pointer into the in-image
RUNTIME_FUNCTION array. Without a matching RtlDeleteFunctionTable,
freeing codeBase via VirtualFree leaves that pointer dangling.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
The two checks collapsed into one || meant the second error message
was unreachable. Drop NumberOfNames from the first check so both
diagnostics are reachable for their respective cases.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
WinHTTP can short-read across TLS or HTTP chunk boundaries, so a
single Read may truncate the signed file list. Signify verification
catches it, but the user sees a spurious update-check failure
instead of a successful fetch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
releaseDriverAdapter was only called from the RuntimeConfig error
path, so a cleanly-running tunnel never had its cached *Adapter
dropped from the map. The finalizer attached in OpenAdapter
couldn't reach it, and the kernel handle leaked. A restart of the
same tunnel then kept hitting stale-handle errors against the
surviving cache entry.
Fix this by calling releaseDriverAdapter from tunneltracker on
every TunnelStopped transition, and closing the adapter inside
releaseDriverAdapter under the per-adapter lock.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
This fixes a bit of a race with interface attachment on old Windows
builds.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
We had reports of it failing.
Reported-by: Ben Yoder <byoder@moltzconstructors.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Not really reachable, but still this seems wrong not to check.
DeleteName checks it.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
| |
Reported-by: Frank Rochlitzer <f.rochlitzer@b3-it.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
Happens in a Go routine when things might have changed.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
It's a bit weird to register this handler with a callback that touches
things that aren't even initialized at this point.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
Otherwise we can't figure out which peers to remove.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
This is more robust.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
Seems like defaulting to CWD is a bad idea.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Jason A. Donenfeld