From d539b335e8a7a87dda3da259958bb52183fb760e Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 5 Mar 2019 02:29:41 +0100
Subject: conf: validate tunnel name
---
 service/install.go | 16 +++++++++++++---
 service/ipc_server.go | 18 +++++++++++++++---
 service/names.go | 25 +++++++++++++++++++++++++
 service/service_manager.go | 1 -
 service/tunneltracker.go | 5 ++++-
 5 files changed, 57 insertions(+), 8 deletions(-)
 create mode 100644 service/names.go
(limited to 'service')
diff --git a/service/install.go b/service/install.go
index bb2fb046..4203d066 100644
--- a/service/install.go
+++ b/service/install.go
@@ -122,7 +122,10 @@ func InstallTunnel(configPath string) error {
 return err
 }
- serviceName := "WireGuard Tunnel: " + name
+ serviceName, err := ServiceNameOfTunnel(name)
+ if err != nil {
+ return err
+ }
 service, err := m.OpenService(serviceName)
 if err == nil {
 status, err := service.Query()
@@ -169,7 +172,10 @@ func UninstallTunnel(name string) error {
 if err != nil {
 return err
 }
- serviceName := "WireGuard Tunnel: " + name
+ serviceName, err := ServiceNameOfTunnel(name)
+ if err != nil {
+ return err
+ }
 service, err := m.OpenService(serviceName)
 if err != nil {
 return err
@@ -188,5 +194,9 @@ func RunTunnel(confPath string) error {
 if err != nil {
 return err
 }
- return svc.Run("WireGuard Tunnel: "+name, &tunnelService{confPath})
+ serviceName, err := ServiceNameOfTunnel(name)
+ if err != nil {
+ return err
+ }
+ return svc.Run(serviceName, &tunnelService{confPath})
 }
diff --git a/service/ipc_server.go b/service/ipc_server.go
index ed239d85..5f16eab9 100644
--- a/service/ipc_server.go
+++ b/service/ipc_server.go
@@ -43,14 +43,20 @@ func (s *ManagerService) RuntimeConfig(tunnelName string, config *conf.Config) e
 if err != nil {
 return err
 }
- pipe, err := winio.DialPipe("\\\\.\\pipe\\wireguard\\"+storedConfig.Name, nil)
+ pipePath, err := PipePathOfTunnel(storedConfig.Name)
 if err != nil {
 return err
 }
+ pipe, err := winio.DialPipe(pipePath, nil)
+ if err != nil {
+ return err
+ }
+ pipe.SetWriteDeadline(time.Now().Add(time.Second * 2))
 _, err = pipe.Write([]byte("get=1\n\n"))
 if err != nil {
 return err
 }
+ pipe.SetReadDeadline(time.Now().Add(time.Second * 2))
 resp, err := ioutil.ReadAll(pipe)
 if err != nil {
 return err
@@ -88,7 +94,10 @@ func (s *ManagerService) Stop(tunnelName string, unused *uintptr) error {
 }
 func (s *ManagerService) WaitForStop(tunnelName string, unused *uintptr) error {
- serviceName := "WireGuard Tunnel: " + tunnelName
+ serviceName, err := ServiceNameOfTunnel(tunnelName)
+ if err != nil {
+ return err
+ }
 m, err := serviceManager()
 if err != nil {
 return err
@@ -113,7 +122,10 @@ func (s *ManagerService) Delete(tunnelName string, unused *uintptr) error {
 }
 func (s *ManagerService) State(tunnelName string, state *TunnelState) error {
- serviceName := "WireGuard Tunnel: " + tunnelName
+ serviceName, err := ServiceNameOfTunnel(tunnelName)
+ if err != nil {
+ return err
+ }
 m, err := serviceManager()
 if err != nil {
 return err
diff --git a/service/names.go b/service/names.go
new file mode 100644
index 00000000..45f590a3
--- /dev/null
+++ b/service/names.go
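Review bot: Once `winio.DialPipe` succeeds in RuntimeConfig, the `return err` paths after `pipe.Write` and `ioutil.ReadAll` leave the pipe handle open, since no close is visible between the dial and those returns; adding `defer pipe.Close()` directly after the dial's error check would cover them. The results of `pipe.SetWriteDeadline` and `pipe.SetReadDeadline` are also discarded, so if setting a deadline fails the following call can block without the two-second bound this change is adding. `ioutil.ReadAll` has no size limit, which leaves the deadline as the only bound on how much data the manager will buffer from whatever answers on that pipe; reading through `io.LimitReader` would cap it. The function body continues past the end of the hunk, so a close on the success path may already exist there.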
@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package service
+
+import (
+ "errors"
+ "golang.zx2c4.com/wireguard/windows/conf"
+)
+
+func ServiceNameOfTunnel(tunnelName string) (string, error) {
+ if !conf.TunnelNameIsValid(tunnelName) {
+ return "", errors.New("Tunnel name is not valid")
+ }
+ return "WireGuard Tunnel: " + tunnelName, nil
+}
+
+func PipePathOfTunnel(tunnelName string) (string, error) {
+ if !conf.TunnelNameIsValid(tunnelName) {
+ return "", errors.New("Tunnel name is not valid")
+ }
+ return "\\\\.\\pipe\\wireguard\\" + tunnelName, nil
+}
diff --git a/service/service_manager.go b/service/service_manager.go
index 1f31521b..9b227592 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -266,7 +266,6 @@ loop:
 case svc.Interrogate:
 changes <- c.CurrentStatus
 case svc.SessionChange:
- //TODO: All the logic here depends on https://go-review.googlesource.com/c/sys/+/158698 being merged
 if c.EventType != wtsSessionLogon && c.EventType != wtsSessionLogoff {
 continue
 }
diff --git a/service/tunneltracker.go b/service/tunneltracker.go
index 2545930d..96d0f6e3 100644
--- a/service/tunneltracker.go
+++ b/service/tunneltracker.go
@@ -69,7 +69,10 @@ func trackExistingTunnels() error {
 return err
 }
 for _, name := range names {
- serviceName := "WireGuard Tunnel: " + name
+ serviceName, err := ServiceNameOfTunnel(name)
+ if err != nil {
+ continue
+ }
 service, err := m.OpenService(serviceName)
 if err != nil {
 continue
-- cgit v1.2.3-59-g8ed1b
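Review bot: `ServiceNameOfTunnel` and `PipePathOfTunnel` in the new service/names.go are exported without doc comments, and nothing records that they are the point where a tunnel name is checked before it is concatenated into a service name or a pipe path. A comment such as `// PipePathOfTunnel returns the named-pipe path for tunnelName, or an error when conf.TunnelNameIsValid rejects the name.`, with the equivalent on the service-name function, would make that contract explicit for later callers. Both functions also construct the same error with a capitalised message; one package-level `var errInvalidTunnelName = errors.New("tunnel name is not valid")` follows Go's error-string convention and gives callers a value to compare against. What counts as a valid name is decided in `conf.TunnelNameIsValid`, which this diff does not show.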
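Review bot: In trackExistingTunnels the new `continue` discards any name that fails `ServiceNameOfTunnel` without leaving a trace, so a stored configuration whose name is rejected is never tracked and nothing says why. Recording the skipped name before the `continue`, for example `log.Printf("skipping tunnel %q: %v", name, err)`, would make the rejection visible, and `%q` keeps odd characters in the name readable in the log. Whether a logger is already in scope in this file cannot be seen from the hunk, and both the loop and the function continue outside it.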