-rw-r--r-- | lib/tunnel_encaps.c | 17 | ||||
-rw-r--r-- | lib/tunnel_encaps.h | 4 | ||||
-rw-r--r-- | proto/wireguard/wireguard.c | 7 |
3 files changed, 15 insertions, 13 deletions
diff --git a/lib/tunnel_encaps.c b/lib/tunnel_encaps.c
index 43fcdbcb..c2b0f60d 100644
--- a/lib/tunnel_encaps.c
+++ b/lib/tunnel_encaps.c
@@ -1,14 +1,15 @@
 #include "lib/tunnel_encaps.h"
 static
-int decode_wireguard(const void *p, size_t sub_tlv_len, wg_key *pubkey, u16 *flags)
+int decode_encap(const void *p, size_t sub_tlv_len, void *encap, size_t *encap_size, u16 *flags)
 {
- if (sub_tlv_len != sizeof(wg_key)) {
- log(L_TRACE "WG: wireguard len error %d", sub_tlv_len);
+ if (sub_tlv_len > *encap_size) {
+ log(L_TRACE "WG: encapsulation len error %d > %d", sub_tlv_len, *encap_size);
 return -1;
 }
- memcpy(pubkey, p, sizeof(wg_key));
+ memcpy(encap, p, sub_tlv_len);
+ *encap_size = sub_tlv_len;
 *flags |= FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP;
 return 0;
 }
@@ -78,7 +79,7 @@ int decode_tunnel_ep(const void *p, size_t sub_tlv_len, u32 *as4, ip_addr *tunne
 }
 static
-int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
+int decode_sub_tlv(const u8 *p, size_t len, void *encap, size_t *encap_size,
 u32 *tunnel_ep_as, ip_addr *tunnel_ep_addr, u32 *color, u16 *udp_dest_port, u16 *flags)
 {
@@ -114,7 +115,7 @@ int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
 switch (type) {
 case BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP:
- res = decode_wireguard(p, sub_tlv_len, pubkey, flags);
+ res = decode_encap(p, sub_tlv_len, encap, encap_size, flags);
 break;
 case BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP:
 res = decode_tunnel_ep(p, sub_tlv_len, tunnel_ep_as, tunnel_ep_addr, flags);
@@ -137,7 +138,7 @@ int decode_sub_tlv(const u8 *p, size_t len, wg_key *pubkey,
 return p - first + sub_tlv_len;
 }
-int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags)
+int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, void *encap, size_t *encap_size, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags)
 {
 const u8 *p = e->u.ptr->data;
 int len = e->u.ptr->length;
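Review bot: In decode_encap, `*encap_size` is the buffer capacity on entry and is then overwritten with `sub_tlv_len`, so if an attribute carries a second encapsulation sub-TLV it is bounds-checked against the length of the first one rather than the real capacity, and a shorter second value overwrites only the front of the buffer while the tail of the earlier copy stays in place. The attribute is looked up under PROTOCOL_BGP in wireguard.c, so this is peer-supplied data; I would either keep the capacity separate from the returned length or refuse a repeat, e.g. `if (*flags & FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP) return -1;` before the copy (whether duplicates are rejected or ignored is a policy call). Separately, the new log line passes two `size_t` values to `%d`; cast them, `(int) sub_tlv_len, (int) *encap_size`, or use a matching conversion.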
@@ -166,7 +167,7 @@ int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32
 }
 for (const u8 *cur = p + 4; cur < p + 4 + value_length;) {
- int res = decode_sub_tlv(cur, value_length, pubkey, as4, tunnel_ep, color, udp_port, flags);
+ int res = decode_sub_tlv(cur, value_length, encap, encap_size, as4, tunnel_ep, color, udp_port, flags);
 if (res < 0) {
 log(L_TRACE "WG: decode error %d", res);
diff --git a/lib/tunnel_encaps.h b/lib/tunnel_encaps.h
index 6c85a883..9d25e5c5 100644
--- a/lib/tunnel_encaps.h
+++ b/lib/tunnel_encaps.h
@@ -4,6 +4,8 @@
 #include "nest/route.h"
 #include "sysdep/linux/wireguard.h"
+#define BA_TUNNEL_ENCAP 0x17
+
 #define BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP 1
 #define BGP_TUNNEL_ENCAP_A_SUB_TLV_COLOR 4
 #define BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP 6
@@ -14,6 +16,6 @@
 #define FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP (1<<BGP_TUNNEL_ENCAP_A_SUB_TLV_TUNNEL_EP)
 #define FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_UDP_DEST_PORT (1<<BGP_TUNNEL_ENCAP_A_SUB_TLV_UDP_DEST_PORT)
-int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, wg_key *pubkey, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags);
+int decode_tunnel_encap(const eattr *e, u16 wg_tunnel_type, void *encap, size_t *encap_size, u32 *as4, ip_addr *tunnel_ep, u32 *color, u16 *udp_port, u16 *flags);
 #endif /* _BIRD_TUNNEL_ENCAPS_ */
diff --git a/proto/wireguard/wireguard.c b/proto/wireguard/wireguard.c
index 6733010d..2c2e6796 100644
--- a/proto/wireguard/wireguard.c
+++ b/proto/wireguard/wireguard.c
@@ -16,8 +16,6 @@
 #include "sysdep/unix/wg_user.h"
 #include "wireguard.h"
-#define BA_TUNNEL_ENCAP 0x17
-
 static int get_device(struct wg_proto *p, wg_device **pdev, const char *device_name)
 {
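Review bot: `decode_sub_tlv(cur, value_length, ...)` is handed the full `value_length` on every pass of the loop instead of the bytes that remain after `cur`, so any length check inside decode_sub_tlv (its body is not visible in this hunk) would accept a later sub-TLV that runs past the end of the attribute. That matters more after this commit, because decode_encap now copies `sub_tlv_len` bytes, a length read from the peer-supplied attribute, rather than a fixed `sizeof(wg_key)`. Passing the remainder closes the gap: `int res = decode_sub_tlv(cur, p + 4 + value_length - cur, encap, encap_size, as4, tunnel_ep, color, udp_port, flags);`. The loop and the rest of decode_tunnel_encap continue outside the hunk.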
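Review bot: The new prototype of decode_tunnel_encap gives no hint that `encap_size` is an in/out parameter, and with `void *encap` the compiler no longer ties the buffer to a type, so the contract has to be written down. I would add a comment above the declaration such as `/* encap: caller buffer; *encap_size: capacity on entry, number of bytes copied on return. Shorter values are accepted, so callers must check the returned size. */`. It is also worth stating there that `*encap_size` is left unchanged when the attribute has no encapsulation sub-TLV.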
@@ -257,7 +255,8 @@ wg_rt_notify(struct proto *P, struct channel *CH, struct network *n,
 new->attrs->dest, n->n.addr);
 wg_key pubkey;
- memset(pubkey, 0, sizeof(wg_key));
+ size_t pubkey_size = sizeof(wg_key);
+ memset(pubkey, 0, pubkey_size);
 u32 tunnel_ep_as4 = 0;
 ip_addr tunnel_ep_addr = IPA_NONE;
 u16 udp_dest_port = 0;
@@ -268,7 +267,7 @@ wg_rt_notify(struct proto *P, struct channel *CH, struct network *n,
 if (!t && he && he->src) {
 t = ea_find(he->src->eattrs, EA_CODE(PROTOCOL_BGP, BA_TUNNEL_ENCAP));
 }
- if (t && t->u.ptr && decode_tunnel_encap(t, c->tunnel_type, &pubkey, &tunnel_ep_as4, &tunnel_ep_addr, &color, &udp_dest_port, &flags) == 0) {
+ if (t && t->u.ptr && decode_tunnel_encap(t, c->tunnel_type, &pubkey, &pubkey_size, &tunnel_ep_as4, &tunnel_ep_addr, &color, &udp_dest_port, &flags) == 0 && pubkey_size == sizeof(wg_key)) {
 log(L_TRACE "WG: Attr %x %x %d %04x", t->flags, t->type, t->u.ptr->length, flags);
 struct wg_device *dev = p->dev; |
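Review bot: `pubkey_size == sizeof(wg_key)` does not show that a key was actually decoded: `pubkey_size` starts out as `sizeof(wg_key)` and is only rewritten when an encapsulation sub-TLV is present, so an attribute without one still satisfies this condition with `pubkey` all zero (unless decode_tunnel_encap rejects that case itself, which is not visible here). Testing the flag the decoder sets makes the intent explicit: `&& (flags & FLAG_BGP_TUNNEL_ENCAP_A_SUB_TLV_ENCAP) && pubkey_size == sizeof(wg_key)`. A wrong-length key is also now skipped without the length error the old decode_wireguard logged, so a trace line for that case would help when diagnosing a misbehaving peer. The body of wg_rt_notify continues outside the hunk.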