diff options
author | Mikael Magnusson <mikma@users.sourceforge.net> | 2023-11-23 01:20:59 +0100 |
---|---|---|
committer | Mikael Magnusson <mikma@users.sourceforge.net> | 2023-11-23 01:20:59 +0100 |
commit | b74386fcf7a78b2d9f6c6a8bddceb02afae08c0c (patch) | |
tree | 1da2fac621274fb1ddce3b83d1313b0a2d07accc /sysdep | |
parent | 30cf5a04ac0dc3dd4bd0662b241349bd0d10b469 (diff) |
Wg-user: improve rx_hookwireguard-next-tmp7
Fix possible buffer overrun in rx_hook.
Let err_hook close socket instead of rx_hook.
Diffstat (limited to 'sysdep')
-rw-r--r-- | sysdep/unix/wg_user.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/sysdep/unix/wg_user.c b/sysdep/unix/wg_user.c index a929b989..550f499e 100644 --- a/sysdep/unix/wg_user.c +++ b/sysdep/unix/wg_user.c @@ -52,12 +52,18 @@ bool wg_has_userspace(const char *ifname) /* NULL=receiving turned off, returns 1 to clear rx buffer */ static -int user_rx_hook(struct birdsock *sk UNUSED, uint size UNUSED) +int user_rx_hook(struct birdsock *sk, uint size) { - char buf[1024]=""; - strncpy(buf, sk->rbuf, size); - log(L_TRACE "WG: RX %p %d '%s'", sk, size, buf); - rfree(sk); + if (size > 0) + { + char buf[1024]=""; + buf[sizeof(buf) - 1] = '\0'; + strncpy(buf, sk->rbuf, sizeof(buf) - 1); + log(L_TRACE "WG: RX %p %d '%s'", sk, size, buf); + /* TODO interpret received data */ + } + + /* Clear rx buffer */ return 1; } @@ -73,12 +79,9 @@ void user_tx_hook(struct birdsock *bs) int res = sk_send(bs, bs->tbsize - size); /* Send data, <0=err, >0=ok, 0=sleep */ - log(L_TRACE "WG: send %d", res); - - if (res != 0) + if (res < 0) { - //rfree(sock); - //shutdown(sock->fd, SHUT_WR); + log(L_TRACE "WG: send %d", res); } bs->data = NULL; |