diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-08-08 19:18:25 -0700 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-08-09 01:22:05 -0700 |
| commit | ed1b3a4fe8f3b27d47b65bc4f7cf5cd19ec199a1 (patch) | |
| tree | 05b87b7e51c38fb2b20b2ace28610cfcefd2ae8c /src | |
| parent | dc1315ab86fdc2d2a43130e2b133ff996038090d (diff) | |
netlink: don't start over iteration on multipart non-first allowedips
Reported-by: Matt Layher <mdlayher@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/netlink.c | 6 | ||||
| -rwxr-xr-x | src/tests/netns.sh | 24 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c index 90c7aa2..3147587 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -165,7 +165,7 @@ static int get_device_start(struct netlink_callback *cb) static int get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct wireguard_device *wg = (struct wireguard_device *)cb->args[0]; - struct wireguard_peer *peer, *next_peer_cursor = NULL, *last_peer_cursor = (struct wireguard_peer *)cb->args[1]; + struct wireguard_peer *peer, *next_peer_cursor, *last_peer_cursor; struct allowedips_cursor *rt_cursor = (struct allowedips_cursor *)cb->args[2]; unsigned int peer_idx = 0; struct nlattr *peers_nest; @@ -173,6 +173,8 @@ static int get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) void *hdr; int ret = -EMSGSIZE; + next_peer_cursor = last_peer_cursor = (struct wireguard_peer *)cb->args[1]; + rtnl_lock(); mutex_lock(&wg->device_update_lock); cb->seq = wg->device_update_gen; @@ -220,9 +222,9 @@ static int get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) nla_nest_end(skb, peers_nest); out: - peer_put(last_peer_cursor); if (!ret && !done && next_peer_cursor) peer_get(next_peer_cursor); + peer_put(last_peer_cursor); mutex_unlock(&wg->device_update_lock); rtnl_unlock(); diff --git a/src/tests/netns.sh b/src/tests/netns.sh index d1950a0..29e1fd4 100755 --- a/src/tests/netns.sh +++ b/src/tests/netns.sh @@ -439,6 +439,30 @@ n0 wg setconf wg0 <(printf '%s\n' "${config[@]}") n0 wg showconf wg0 > /dev/null ip0 link del wg0 +allowedips=( ) +for i in {1..197}; do + allowedips+=( abcd::$i ) +done +saved_ifs="$IFS" +IFS=, +allowedips="${allowedips[*]}" +IFS="$saved_ifs" +ip0 link add wg0 type wireguard +n0 wg set wg0 peer "$pub1" +n0 wg set wg0 peer "$pub2" allowed-ips "$allowedips" +{ + read -r pub allowedips + [[ $pub == "$pub1" && $allowedips == "(none)" ]] + read -r pub allowedips + [[ $pub == "$pub2" ]] + i=0 + for _ in $allowedips; do + ((++i)) + done + ((i == 197)) +} < <(n0 wg show wg0 allowed-ips) +ip0 link del wg0 + ! n0 wg show doesnotexist || false ip0 link add wg0 type wireguard |