-rw-r--r--lib/tunnel_encaps.c17
-rw-r--r--lib/tunnel_encaps.h4
-rw-r--r--proto/wireguard/wireguard.c7
3 files changed, 15 insertions, 13 deletions
diff --git a/lib/tunnel_encaps.c b/lib/tunnel_encaps.c
index 43fcdbcb..c2b0f60d 100644
--- a/lib/tunnel_encaps.c
+++ b/lib/tunnel_encaps.c
@@ -1,14 +1,15 @@
#include "lib/tunnel_encaps.h"
static
-int decode_wireguard(const void *p, size_t sub_tlv_len, wg_key *pubkey, u16 *flags)
+int decode_encap(const void *p, size_t sub_tlv_len, void *encap, size_t *encap_size, u16 *flags)
{
- if (sub_tlv_len != sizeof(wg_key)) {
- log(L_TRACE "WG: wireguard len error %d", sub_tlv_len);
+ if (sub_tlv_len > *encap_size) {
+ log(L_TRACE "WG: encapsulation len error %d > %d", sub_tlv_len, *encap_size);
return -1;
}
- memcpy(pubkey, p, sizeof(wg_key));
+ memcpy(encap, p, sub_tlv_len);
+ *encap_size = sub_tlv_len;
*flags |= FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP;
return 0;
}
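Review bot: `encap_size` is now an in/out parameter (capacity in, bytes copied out) and nothing on decode_encap says so; a comment such as `/* encap_size: in = capacity of encap, out = bytes copied; caller must check the exact length it needs */` above the function would make the contract explicit. Because the exact-length test became an upper bound, a short or empty sub-TLV is accepted here and still sets FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP, so every caller has to validate the length itself. The capacity is also overwritten with the copied length, and the loop in decode_tunnel_encap passes the same pointer on each iteration, so a second ENCAP sub-TLV in one attribute is checked against the first one's length rather than the buffer size. The log call passes two `size_t` values to `%d`; a cast such as `(int) sub_tlv_len` would avoid the width mismatch, assuming the logger follows printf conventions.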
@@ -78,7 +79,7 @@ int decode_tunnel_ep(const void *p, size_t sub_tlv_len, u32 *as4, ip_addr *tunne
}
static
-int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
+int decode_sub_tlv(const u8 *p, size_t len, void *encap, size_t *encap_size,
u32 *tunnel_ep_as, ip_addr *tunnel_ep_addr,
u32 *color, u16 *udp_dest_port, u16 *flags)
{
@@ -114,7 +115,7 @@ int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
switch (type) {
case BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP:
- res = decode_wireguard(p, sub_tlv_len, pubkey, flags);
+ res = decode_encap(p, sub_tlv_len, encap, encap_size, flags);
break;
case BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP:
res = decode_tunnel_ep(p, sub_tlv_len, tunnel_ep_as, tunnel_ep_addr, flags);
@@ -137,7 +138,7 @@ int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
return p - first + sub_tlv_len;
}
-int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags)
+int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, void *encap, size_t *encap_size, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags)
{
const u8 *p = e->u.ptr->data;
int len = e->u.ptr->length;
@@ -166,7 +167,7 @@ int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32
}
for (const u8 *cur = p + 4; cur < p + 4 + value_length;) {
- int res = decode_sub_tlv(cur, value_length, pubkey, as4, tunnel_ep, color, udp_port, flags);
+ int res = decode_sub_tlv(cur, value_length, encap, encap_size, as4, tunnel_ep, color, udp_port, flags);
if (res < 0) {
log(L_TRACE "WG: decode error %d", res);
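Review bot: The rewritten call still passes `value_length` as the `len` argument on every iteration, although `cur` has by then moved past earlier sub-TLVs, so the length handed to decode_sub_tlv overstates what remains in the attribute value. If decode_sub_tlv bounds its reads by `len` (most of its body is outside this diff), a later sub-TLV could be parsed beyond the end of the value; passing the remainder, e.g. `p + 4 + value_length - cur`, would keep the bound tight. The loop and the rest of decode_tunnel_encap continue outside the hunk, so how `cur` is advanced cannot be confirmed from here.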
diff --git a/lib/tunnel_encaps.h b/lib/tunnel_encaps.h
index 6c85a883..9d25e5c5 100644
--- a/lib/tunnel_encaps.h
+++ b/lib/tunnel_encaps.h
@@ -4,6 +4,8 @@
#include "nest/route.h"
#include "sysdep/linux/wireguard.h"
+#define BA_TUNNEL_ENCAP 0x17
+
#define BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP 1
#define BGP_TUNNEL_ENCAP_A_SUB_TLV_COLOR 4
#define BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP 6
@@ -14,6 +16,6 @@
#define FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP (1<<BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP)
#define FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_UDP_DEST_PORT (1<<BGP_TUNNEL_ENCAP_A_SUB_TLV_UDP_DEST_PORT)
-int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags);
+int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, void *encap, size_t *encap_size, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags);
#endif /* _BIRD_TUNNEL_ENCAPS_ */
diff --git a/proto/wireguard/wireguard.c b/proto/wireguard/wireguard.c
index 6733010d..2c2e6796 100644
--- a/proto/wireguard/wireguard.c
+++ b/proto/wireguard/wireguard.c
@@ -16,8 +16,6 @@
#include "sysdep/unix/wg_user.h"
#include "wireguard.h"
-#define BA_TUNNEL_ENCAP 0x17
-
static
int get_device(struct wg_proto *p, wg_device **pdev, const char *device_name)
{
@@ -257,7 +255,8 @@ wg_rt_notify(struct proto *P, struct channel *CH, struct network *n,
new->attrs->dest, n->n.addr);
wg_key pubkey;
- memset(pubkey, 0, sizeof(wg_key));
+ size_t pubkey_size = sizeof(wg_key);
+ memset(pubkey, 0, pubkey_size);
u32 tunnel_ep_as4 = 0;
ip_addr tunnel_ep_addr = IPA_NONE;
u16 udp_dest_port = 0;
@@ -268,7 +267,7 @@ wg_rt_notify(struct proto *P, struct channel *CH, struct network *n,
if (!t && he && he->src) {
t = ea_find(he->src->eattrs, EA_CODE(PROTOCOL_BGP, BA_TUNNEL_ENCAP));
}
- if (t && t->u.ptr && decode_tunnel_encap(t, c->tunnel_type, &pubkey, &tunnel_ep_as4, &tunnel_ep_addr, &color, &udp_dest_port, &flags) == 0) {
+ if (t && t->u.ptr && decode_tunnel_encap(t, c->tunnel_type, &pubkey, &pubkey_size, &tunnel_ep_as4, &tunnel_ep_addr, &color, &udp_dest_port, &flags) == 0 && pubkey_size == sizeof(wg_key)) {
log(L_TRACE "WG: Attr %x %x %d %04x", t->flags, t->type, t->u.ptr->length, flags);
struct wg_device *dev = p->dev;
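Review bot: The added `pubkey_size == sizeof(wg_key)` test also holds when the attribute contains no ENCAP sub-TLV at all, because `pubkey_size` is initialised to `sizeof(wg_key)` and only decode_encap changes it; in that case `pubkey` is still all zeroes. Pairing it with the flag, e.g. `&& (flags & FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP)`, would tie the length check to a key that was actually decoded, unless the code below this hunk already tests the flag. A wrong-length key is now rejected here without any log line, whereas the removed decode_wireguard logged it; a trace message on that path would keep malformed attributes visible to operators. wg_rt_notify continues outside the hunk.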