From e214f4ad096d72be710c8151d0dea3858f9c0fe9 Mon Sep 17 00:00:00 2001 From: Mikael Magnusson Date: Thu, 23 Nov 2023 01:20:59 +0100 Subject: Wg-user: improve rx_hook Fix possible buffer overrun in rx_hook. Let err_hook close socket instead of rx_hook. --- sysdep/unix/wg_user.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/sysdep/unix/wg_user.c b/sysdep/unix/wg_user.c index a929b989..550f499e 100644 --- a/sysdep/unix/wg_user.c +++ b/sysdep/unix/wg_user.c @@ -52,12 +52,18 @@ bool wg_has_userspace(const char *ifname) /* NULL=receiving turned off, returns 1 to clear rx buffer */ static -int user_rx_hook(struct birdsock *sk UNUSED, uint size UNUSED) +int user_rx_hook(struct birdsock *sk, uint size) { - char buf[1024]=""; - strncpy(buf, sk->rbuf, size); - log(L_TRACE "WG: RX %p %d '%s'", sk, size, buf); - rfree(sk); + if (size > 0) + { + char buf[1024]=""; + buf[sizeof(buf) - 1] = '\0'; + strncpy(buf, sk->rbuf, sizeof(buf) - 1); + log(L_TRACE "WG: RX %p %d '%s'", sk, size, buf); + /* TODO interpret received data */ + } + + /* Clear rx buffer */ return 1; } @@ -73,12 +79,9 @@ void user_tx_hook(struct birdsock *bs) int res = sk_send(bs, bs->tbsize - size); /* Send data, <0=err, >0=ok, 0=sleep */ - log(L_TRACE "WG: send %d", res); - - if (res != 0) + if (res < 0) { - //rfree(sock); - //shutdown(sock->fd, SHUT_WR); + log(L_TRACE "WG: send %d", res); } bs->data = NULL; -- cgit v1.2.3