rixxc/wireguard-rs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed EINVAL on read4/6 from invalid namelen

Browse Source
This commit is contained in:
Mathias Hall-Andersen
2020-02-16 13:24:23 +01:00
parent 5e6edb280e
commit 1ebbc51126
5 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/platform/linux/udp.rs
View File

@@ -216,7 +216,7 @@ impl LinuxUDPReader {
let mut control: ControlHeaderV6 = unsafe { mem::MaybeUninit::uninit().assume_init() }; let mut control: ControlHeaderV6 = unsafe { mem::MaybeUninit::uninit().assume_init() };
let mut hdr = libc::msghdr { let mut hdr = libc::msghdr {
msg_name: safe_cast(&mut src), msg_name: safe_cast(&mut src),
msg_namelen: mem::size_of::<libc::sockaddr_in6> as u32, msg_namelen: mem::size_of::<libc::sockaddr_in6>() as u32,
msg_iov: iovs.as_mut_ptr(), msg_iov: iovs.as_mut_ptr(),
msg_iovlen: iovs.len(), msg_iovlen: iovs.len(),
msg_control: safe_cast(&mut control), msg_control: safe_cast(&mut control),
@@ -236,7 +236,7 @@ impl LinuxUDPReader {
return Err(io::Error::new( return Err(io::Error::new(
io::ErrorKind::NotConnected, io::ErrorKind::NotConnected,
format!( format!(
"Failed to receive (len = {}, fd = {}, errno = {})", "failed to receive (len = {}, fd = {}, errno = {})",
len, len,
fd, fd,
errno() errno()
@@ -270,7 +270,7 @@ impl LinuxUDPReader {
let mut control: ControlHeaderV4 = unsafe { mem::MaybeUninit::uninit().assume_init() }; let mut control: ControlHeaderV4 = unsafe { mem::MaybeUninit::uninit().assume_init() };
let mut hdr = libc::msghdr { let mut hdr = libc::msghdr {
msg_name: safe_cast(&mut src), msg_name: safe_cast(&mut src),
msg_namelen: mem::size_of::<libc::sockaddr_in> as u32, msg_namelen: mem::size_of::<libc::sockaddr_in>() as u32,
msg_iov: iovs.as_mut_ptr(), msg_iov: iovs.as_mut_ptr(),
msg_iovlen: iovs.len(), msg_iovlen: iovs.len(),
msg_control: safe_cast(&mut control), msg_control: safe_cast(&mut control),

2
src/wireguard/handshake/device.rs
View File

@@ -7,8 +7,8 @@ use zerocopy::AsBytes;
use byteorder::{ByteOrder, LittleEndian}; use byteorder::{ByteOrder, LittleEndian};
use rand::prelude::{CryptoRng, RngCore};
use rand::Rng; use rand::Rng;
use rand_core::{CryptoRng, RngCore};
use clear_on_drop::clear::Clear; use clear_on_drop::clear::Clear;

16
src/wireguard/handshake/noise.rs
View File

@@ -1,3 +1,5 @@
use std::time::Instant;
// DH // DH
use x25519_dalek::PublicKey; use x25519_dalek::PublicKey;
use x25519_dalek::StaticSecret; use x25519_dalek::StaticSecret;
@@ -10,9 +12,9 @@ use hmac::Hmac;
use aead::{Aead, NewAead, Payload}; use aead::{Aead, NewAead, Payload};
use chacha20poly1305::ChaCha20Poly1305; use chacha20poly1305::ChaCha20Poly1305;
use rand_core::{CryptoRng, RngCore}; use log;
use log::debug; use rand::prelude::{CryptoRng, RngCore};
use generic_array::typenum::*; use generic_array::typenum::*;
use generic_array::*; use generic_array::*;
@@ -31,8 +33,6 @@ use super::types::*;
use super::super::types::{Key, KeyPair}; use super::super::types::{Key, KeyPair};
use std::time::Instant;
// HMAC hasher (generic construction) // HMAC hasher (generic construction)
type HMACBlake2s = Hmac<Blake2s>; type HMACBlake2s = Hmac<Blake2s>;
@@ -223,7 +223,7 @@ pub(super) fn create_initiation<R: RngCore + CryptoRng, O>(
local: u32, local: u32,
msg: &mut NoiseInitiation, msg: &mut NoiseInitiation,
) -> Result<(), HandshakeError> { ) -> Result<(), HandshakeError> {
debug!("create initiation"); log::debug!("create initiation");
clear_stack_on_return(CLEAR_PAGES, || { clear_stack_on_return(CLEAR_PAGES, || {
// initialize state // initialize state
@@ -303,7 +303,7 @@ pub(super) fn consume_initiation<'a, O>(
keyst: &KeyState, keyst: &KeyState,
msg: &NoiseInitiation, msg: &NoiseInitiation,
) -> Result<(&'a Peer<O>, PublicKey, TemporaryState), HandshakeError> { ) -> Result<(&'a Peer<O>, PublicKey, TemporaryState), HandshakeError> {
debug!("consume initiation"); log::debug!("consume initiation");
clear_stack_on_return(CLEAR_PAGES, || { clear_stack_on_return(CLEAR_PAGES, || {
// initialize new state // initialize new state
@@ -386,7 +386,7 @@ pub(super) fn create_response<R: RngCore + CryptoRng, O>(
state: TemporaryState, // state from "consume_initiation" state: TemporaryState, // state from "consume_initiation"
msg: &mut NoiseResponse, // resulting response msg: &mut NoiseResponse, // resulting response
) -> Result<KeyPair, HandshakeError> { ) -> Result<KeyPair, HandshakeError> {
debug!("create response"); log::debug!("create response");
clear_stack_on_return(CLEAR_PAGES, || { clear_stack_on_return(CLEAR_PAGES, || {
// unpack state // unpack state
@@ -471,7 +471,7 @@ pub(super) fn consume_response<'a, O>(
keyst: &KeyState, keyst: &KeyState,
msg: &NoiseResponse, msg: &NoiseResponse,
) -> Result<Output<'a, O>, HandshakeError> { ) -> Result<Output<'a, O>, HandshakeError> {
debug!("consume response"); log::debug!("consume response");
clear_stack_on_return(CLEAR_PAGES, || { clear_stack_on_return(CLEAR_PAGES, || {
// retrieve peer and copy initiation state // retrieve peer and copy initiation state
let (peer, _) = device.lookup_id(msg.f_receiver.get())?; let (peer, _) = device.lookup_id(msg.f_receiver.get())?;

3
src/wireguard/handshake/ratelimiter.rs
View File

@@ -1,4 +1,3 @@
use spin;
use std::collections::HashMap; use std::collections::HashMap;
use std::net::IpAddr; use std::net::IpAddr;
use std::sync::atomic::{AtomicBool, Ordering}; use std::sync::atomic::{AtomicBool, Ordering};
@@ -6,6 +5,8 @@ use std::sync::{Arc, Condvar, Mutex};
use std::thread; use std::thread;
use std::time::{Duration, Instant}; use std::time::{Duration, Instant};
use spin;
const PACKETS_PER_SECOND: u64 = 20; const PACKETS_PER_SECOND: u64 = 20;
const PACKETS_BURSTABLE: u64 = 5; const PACKETS_BURSTABLE: u64 = 5;
const PACKET_COST: u64 = 1_000_000_000 / PACKETS_PER_SECOND; const PACKET_COST: u64 = 1_000_000_000 / PACKETS_PER_SECOND;

6
src/wireguard/handshake/tests.rs
View File

@@ -1,11 +1,13 @@
use super::*; use super::*;
use hex;
use rand::rngs::OsRng;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::thread; use std::thread;
use std::time::Duration; use std::time::Duration;
use hex;
use rand::prelude::{CryptoRng, RngCore}; use rand::prelude::{CryptoRng, RngCore};
use rand::rngs::OsRng;
use x25519_dalek::PublicKey; use x25519_dalek::PublicKey;
use x25519_dalek::StaticSecret; use x25519_dalek::StaticSecret;