From 6bb01a673d1b8805580f4f1a5506319da136a279 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sun, 3 Jul 2016 22:04:51 +0200
Subject: receive: protect against impossible conditions
It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly.
Signed-off-by: Jason A. Donenfeld
---
 src/receive.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/receive.c b/src/receive.c
index 227b276..1b86489 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -47,6 +47,10 @@ static inline int skb_data_offset(struct sk_buff *skb, size_t *data_offset, size
 udp = udp_hdr(skb);
 *data_offset = (u8 *)udp - skb->data;
+ if (unlikely(*data_offset > U16_MAX)) {
+ net_dbg_ratelimited("Packet has offset at impossible location from %pISpfsc\n", &addr);
+ return -EINVAL;
+ }
 if (unlikely(*data_offset + sizeof(struct udphdr) > skb->len)) {
 net_dbg_ratelimited("Packet isn't big enough to have UDP fields from %pISpfsc\n", &addr);
 return -EINVAL;
-- cgit v1.2.3
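Review bot: The new `*data_offset > U16_MAX` guard has no comment explaining why 16 bits is the bound, or that it also rejects a UDP header lying before `skb->data`. In that case the pointer difference is negative and becomes a very large value once stored through the `size_t *`. Without the guard, such a value could wrap in the following `*data_offset + sizeof(struct udphdr) > skb->len` comparison and pass it, so this looks like the more security-relevant half of the check. I would record it above the `if`: `/* Defensive: offset must fit the 16-bit transport_header; a negative difference wraps in size_t and is rejected here too. */`. The 16-bit width is inferred from the commit message rather than visible in the hunk, so confirm it against `struct sk_buff`. The body of skb_data_offset() starts and ends outside the hunk.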