From 03eec4b14d6dc42af4177176b2d8a6d3dfc5d160 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Sat, 9 Mar 2019 09:24:52 +0000
Subject: [PATCH] Don't leak interface name via multicast, ensure zone is always correct when dialling link-local
---
 src/yggdrasil/multicast.go | 8 +++++---
 src/yggdrasil/tcp.go | 18 ++++++++++++------
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/yggdrasil/multicast.go b/src/yggdrasil/multicast.go
index 1c67044f..bf4b2a74 100644
--- a/src/yggdrasil/multicast.go
+++ b/src/yggdrasil/multicast.go
@@ -166,6 +166,7 @@ func (m *multicast) announce() {
 // Get the listener details and construct the multicast beacon
 lladdr := listener.listener.Addr().String()
 if a, err := net.ResolveTCPAddr("tcp6", lladdr); err == nil {
+ a.Zone = ""
 destAddr.Zone = iface.Name
 msg := []byte(a.String())
 m.sock.WriteTo(msg, nil, destAddr)
@@ -208,8 +209,9 @@ func (m *multicast) listen() {
 if addr.IP.String() != from.IP.String() {
 continue
 }
- addr.Zone = from.Zone
- saddr := addr.String()
- m.core.link.call("tcp://"+saddr, addr.Zone)
+ addr.Zone = ""
+ if err := m.core.link.call("tcp://"+addr.String(), from.Zone); err != nil {
+ m.core.log.Debugln("Call from multicast failed:", err)
+ }
 }
 }
diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go
index 43ea4431..8b91457a 100644
--- a/src/yggdrasil/tcp.go
+++ b/src/yggdrasil/tcp.go
@@ -259,6 +259,16 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) {
 }
 t.handler(conn, false, dialerdst.String())
 } else {
+ dst, err := net.ResolveTCPAddr("tcp", saddr)
+ if err != nil {
+ return
+ }
+ if dst.IP.IsLinkLocalUnicast() {
+ dst.Zone = sintf
+ if dst.Zone == "" {
+ return
+ }
+ }
 dialer := net.Dialer{
 Control: t.tcpContext,
 }
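Review bot: The added `a.Zone = ""` in announce() (src/yggdrasil/multicast.go) carries no comment, so the reason for clearing it is recorded only in the commit subject. A one-line comment above it would keep the line from being removed as redundant later, for example `// Strip the zone: it is the local interface name and must not be sent in the beacon`. Receivers then have to supply their own zone, which the listen() hunk does by passing `from.Zone`. announce() starts and ends outside this hunk.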
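Review bot: The new `m.core.log.Debugln("Call from multicast failed:", err)` in listen() does not say which beacon or interface triggered the call, so failures caused by different senders on the segment cannot be told apart in the log. The values are already in hand: `m.core.log.Debugln("Call from multicast failed:", addr.String(), "on", from.Zone, err)`. Also note that tcp.call in this same patch has no return value and leaves silently on its early returns, so this branch presumably reports only errors raised inside link.call itself, not a failed dial. listen() starts outside this hunk.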
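Review bot: Both early `return`s added at the top of the else branch of tcp.call (src/yggdrasil/tcp.go) drop the connection attempt without a log line, while the last hunk of this patch adds `Debugln("Failed to dial TCP:", err)` for the dial error. The empty-zone case is the one an operator is likely to hit: `dst.Zone = sintf` overwrites whatever zone ResolveTCPAddr parsed from saddr, so a link-local destination with an empty sintf is discarded even when saddr carried a `%zone`. I would log both exits, e.g. `t.link.core.log.Debugln("Failed to resolve TCP address:", err)` and `t.link.core.log.Debugln("Not dialling link-local address without a zone:", dst.String())`. If overriding a zone given in saddr is intended, a short comment saying so would help. call() starts and ends outside this hunk.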
@@ -272,10 +282,6 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) {
 }
 addrs, err := ief.Addrs()
 if err == nil {
- dst, err := net.ResolveTCPAddr("tcp", saddr)
- if err != nil {
- return
- }
 for addrindex, addr := range addrs {
 src, _, err := net.ParseCIDR(addr.String())
 if err != nil {
@@ -309,9 +315,9 @@ func (t *tcp) call(saddr string, options interface{}, sintf string) {
 }
 }
 }
-
- conn, err = dialer.Dial("tcp", saddr)
+ conn, err = dialer.Dial("tcp", dst.String())
 if err != nil {
+ t.link.core.log.Debugln("Failed to dial TCP:", err)
 return
 }
 t.handler(conn, false, nil)
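Review bot: `dialer.Dial("tcp", dst.String())` in the last hunk of tcp.call now dials the single address that ResolveTCPAddr picked earlier, and nothing at the call site says this is deliberate. It is what ties the IsLinkLocalUnicast check and the zone to the address actually connected to, so it deserves a comment such as `// Dial the resolved address so the zone and link-local check above apply to the address we connect to`. The cost is that when saddr is a hostname with several records, Dial no longer falls back to the remaining addresses; that is worth stating in the same comment. The function body continues on both sides of this hunk.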