Date: Mon, 8 Mar 2021 06:22:42 GMT
From: Kyle Evans <kevans@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: df554850858f - main - wg_input: avoid leaking due to an m_defrag failure
Message-ID: <202103080622.1286Mgeg059176@gitrepo.freebsd.org>
The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=df554850858f59fd9d54c25a96bb7dfc4237fa70 commit df554850858f59fd9d54c25a96bb7dfc4237fa70 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2021-03-08 02:49:00 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2021-03-08 06:21:23 +0000 wg_input: avoid leaking due to an m_defrag failure m_defrag() will not free the chain on failure, leaking the mbuf. Obtained from: OpenBSD MFC after: 3 days --- sys/dev/if_wg/module/if_wg_session.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sys/dev/if_wg/module/if_wg_session.c b/sys/dev/if_wg/module/if_wg_session.c index 084bc789039d..cb2a88812855 100644 --- a/sys/dev/if_wg/module/if_wg_session.c +++ b/sys/dev/if_wg/module/if_wg_session.c @@ -1905,7 +1905,13 @@ wg_input(struct mbuf *m0, int offset, struct inpcb *inpcb, m_adj(m0, hlen); - if ((m = m_defrag(m0, M_NOWAIT)) == NULL) { + /* + * Ensure mbuf is contiguous over full length of the packet. This is + * done so that we can directly read the handshake values in + * wg_handshake, and so we can decrypt a transport packet by passing a + * a single buffer to noise_remote_decrypt() in wg_decap. + */ + if ((m = m_pullup(m0, m0->m_pkthdr.len)) == NULL) { DPRINTF(sc, "DEFRAG fail\n"); return; }
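Review bot: The failure branch in wg_input still logs "DEFRAG fail\n" although the call is now m_pullup(m0, m0->m_pkthdr.len), so the debug output names a function that is no longer called; reword the message to refer to the pullup. The new comment repeats the article across its last two lines ("by passing a" followed by "a single buffer"), so one "a" should go. The branch also still only logs and returns, which means the leak fix rests on m_pullup() freeing the chain when it returns NULL; a short remark saying so in the comment would keep a later reader from adding an m_freem() here or switching back to a call that leaves m0 allocated. Since the length passed is the whole packet (m0->m_pkthdr.len), it is also worth confirming that m_pullup() accepts lengths up to a full-size transport packet, otherwise large fragmented packets would be dropped on this path.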