git: b0fa37f356fd - stable/14 - if_wg: fix access to noise_local->l_has_identity and l_private
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 30 Jan 2024 05:39:26 UTC
The branch stable/14 has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=b0fa37f356fd9dd5040c034c7523ec235fbb311b
commit b0fa37f356fd9dd5040c034c7523ec235fbb311b
Author: Aaron LI <aly@aaronly.me>
AuthorDate: 2024-01-17 23:29:23 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-30 05:37:33 +0000
if_wg: fix access to noise_local->l_has_identity and l_private
These members are protected by the identity lock, so rlock it in
noise_remote_alloc() and then assert that we have it held to some extent
in noise_precompute_ss().
PR: 276392
(cherry picked from commit 7a4d1d1df0b2e369adcb32aea9ef8c180f885751)
---
sys/dev/wg/wg_noise.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/dev/wg/wg_noise.c b/sys/dev/wg/wg_noise.c
index 3db74ac9580f..a727a2f99d15 100644
--- a/sys/dev/wg/wg_noise.c
+++ b/sys/dev/wg/wg_noise.c
@@ -281,6 +281,7 @@ noise_local_keys(struct noise_local *l, uint8_t public[NOISE_PUBLIC_KEY_LEN],
static void
noise_precompute_ss(struct noise_local *l, struct noise_remote *r)
{
+ rw_assert(&l->l_identity_lock, RA_LOCKED);
rw_wlock(&r->r_handshake_lock);
if (!l->l_has_identity ||
!curve25519(r->r_ss, l->l_private, r->r_public))
@@ -302,7 +303,10 @@ noise_remote_alloc(struct noise_local *l, void *arg,
r->r_handshake_state = HANDSHAKE_DEAD;
r->r_last_sent = TIMER_RESET;
r->r_last_init_recv = TIMER_RESET;
+
+ rw_rlock(&l->l_identity_lock);
noise_precompute_ss(l, r);
+ rw_runlock(&l->l_identity_lock);
refcount_init(&r->r_refcnt, 1);
r->r_local = noise_local_ref(l);