TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-02-18 02:48:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

wgengine/magicsock: fix crash reading DERP packet

Browse Source 
Starting at yesterday's e96f22e5600702 (convering some UDPAddrs to
IPPorts), Conn.ReceiveIPv4 could return a nil addr, which would make
its way through wireguard-go and blow up later. The DERP read path
wasn't initializing the addr result parameter any more, and wgRecvAddr
wasn't checking it either.

Fixes #515
This commit is contained in:
Brad Fitzpatrick 2020-07-01 09:36:19 -07:00
parent 47b4a19786
commit 7b3c0bb7f6
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
wgengine/magicsock/magicsock.go
View File

@ -1221,15 +1221,21 @@ func (c *Conn) awaitUDP4(b []byte) {
}
}
// wgRecvAddr conditionally alters the returned UDPAddr we tell
// wireguard-go we received a packet from. For peers with discovery
// keys, we always use the same one, a unique synthetic value created
// per peer.
func wgRecvAddr(e conn.Endpoint, addr *net.UDPAddr) *net.UDPAddr {
// wgRecvAddr returns the net.UDPAddr we tell wireguard-go the address
// from which we received a packet for an endpoint.
//
// ipp is required. addr can be optionally provided.
func wgRecvAddr(e conn.Endpoint, ipp netaddr.IPPort, addr *net.UDPAddr) *net.UDPAddr {
if ipp == (netaddr.IPPort{}) {
panic("zero ipp")
}
if de, ok := e.(*discoEndpoint); ok {
return de.fakeWGAddrStd
}
return addr
if addr != nil {
return addr
}
return ipp.UDPAddr()
}
func (c *Conn) ReceiveIPv4(b []byte) (n int, ep conn.Endpoint, addr *net.UDPAddr, err error) {
@ -1237,8 +1243,9 @@ Top:
// First, process any buffered packet from earlier.
if from := c.bufferedIPv4From; from != (netaddr.IPPort{}) {
c.bufferedIPv4From = netaddr.IPPort{}
ep := c.findEndpoint(from, from.UDPAddr())
return copy(b, c.bufferedIPv4Packet), ep, wgRecvAddr(ep, addr), nil
addr = from.UDPAddr()
ep := c.findEndpoint(from, addr)
return copy(b, c.bufferedIPv4Packet), ep, wgRecvAddr(ep, from, addr), nil
}
go c.awaitUDP4(b)
@ -1329,7 +1336,7 @@ Top:
} else {
ep = c.findEndpoint(ipp, addr)
}
return n, ep, wgRecvAddr(ep, addr), nil
return n, ep, wgRecvAddr(ep, ipp, addr), nil
}
func (c *Conn) ReceiveIPv6(b []byte) (int, conn.Endpoint, *net.UDPAddr, error) {
@ -1355,7 +1362,7 @@ func (c *Conn) ReceiveIPv6(b []byte) (int, conn.Endpoint, *net.UDPAddr, error) {
}
ep := c.findEndpoint(ipp, addr)
return n, ep, wgRecvAddr(ep, addr), nil
return n, ep, wgRecvAddr(ep, ipp, addr), nil
}
}