git: 08c0976fdce9 - stable/13 - Merge commit '93bf91b4012a28610672d2266366dfa0a663b70f' into HEAD
Date: Sun, 13 Nov 2022 05:38:04 UTC
The branch stable/13 has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=08c0976fdce9f0fadb816c3506b5ed1b4dfc0ed1
commit 08c0976fdce9f0fadb816c3506b5ed1b4dfc0ed1
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2022-11-05 03:46:21 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2022-11-13 05:37:05 +0000
Merge commit '93bf91b4012a28610672d2266366dfa0a663b70f' into HEAD
This fixes a warning in wireguard-tools, as well as two issues pointed out by
FreeBSD's Coverity instance.
CID: 1500405, 1500421
(cherry picked from commit 2cb43631ab122ee0b2a3a101003b73415a9bf963)
---
contrib/wireguard-tools/.gitignore | 5 +++++
contrib/wireguard-tools/ipc-freebsd.h | 22 ++++++++++++++++------
contrib/wireguard-tools/show.c | 2 +-
3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/contrib/wireguard-tools/.gitignore b/contrib/wireguard-tools/.gitignore
index 4343ea95a0a2..12b1f78af874 100644
--- a/contrib/wireguard-tools/.gitignore
+++ b/contrib/wireguard-tools/.gitignore
@@ -14,3 +14,8 @@ ipc-linux.h
ipc-openbsd.h
man/wg-quick.8
systemd/
+
+# Build artifacts
+wg
+*.d
+*.o
diff --git a/contrib/wireguard-tools/ipc-freebsd.h b/contrib/wireguard-tools/ipc-freebsd.h
index b5be15b82140..fa74edda5a3d 100644
--- a/contrib/wireguard-tools/ipc-freebsd.h
+++ b/contrib/wireguard-tools/ipc-freebsd.h
@@ -4,6 +4,7 @@
*
*/
+#include <assert.h>
#include <sys/nv.h>
#include <sys/sockio.h>
#include <dev/wg/if_wg.h>
@@ -118,7 +119,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
goto skip_peers;
for (i = 0; i < peer_count; ++i) {
struct wgpeer *peer;
- struct wgallowedip *aip;
+ struct wgallowedip *aip = NULL;
const nvlist_t *const *nvl_aips;
size_t aip_count, j;
@@ -169,11 +170,13 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
if (!aip_count || !nvl_aips)
goto skip_allowed_ips;
for (j = 0; j < aip_count; ++j) {
+ if (!nvlist_exists_number(nvl_aips[j], "cidr"))
+ continue;
+ if (!nvlist_exists_binary(nvl_aips[j], "ipv4") && !nvlist_exists_binary(nvl_aips[j], "ipv6"))
+ continue;
aip = calloc(1, sizeof(*aip));
if (!aip)
goto err_allowed_ips;
- if (!nvlist_exists_number(nvl_aips[j], "cidr"))
- continue;
number = nvlist_get_number(nvl_aips[j], "cidr");
if (nvlist_exists_binary(nvl_aips[j], "ipv4")) {
binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size);
@@ -184,7 +187,8 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
aip->family = AF_INET;
aip->cidr = number;
memcpy(&aip->ip4, binary, sizeof(aip->ip4));
- } else if (nvlist_exists_binary(nvl_aips[j], "ipv6")) {
+ } else {
+ assert(nvlist_exists_binary(nvl_aips[j], "ipv6"));
binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size);
if (!binary || number > 128) {
ret = EINVAL;
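Review bot: The `size` that `nvlist_get_binary()` returns for "ipv6" is never compared with `sizeof(aip->ip6)`, so the `memcpy` in the next hunk copies a fixed number of bytes from a buffer whose length was not verified; the visible guard only tests `!binary || number > 128`. I would extend it to `if (!binary || size != sizeof(aip->ip6) || number > 128) {`. The IPv4 branch's guard falls between hunks and is not visible here, but it presumably needs the matching `size != sizeof(aip->ip4)` test. Judging by the function name, the nvlist comes from the kernel, so this is a defensive check against a malformed or mismatched reply and not a fix for a known fault.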
@@ -193,14 +197,14 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
aip->family = AF_INET6;
aip->cidr = number;
memcpy(&aip->ip6, binary, sizeof(aip->ip6));
- } else
- continue;
+ }
if (!peer->first_allowedip)
peer->first_allowedip = aip;
else
peer->last_allowedip->next_allowedip = aip;
peer->last_allowedip = aip;
+ aip = NULL;
continue;
err_allowed_ips:
@@ -209,6 +213,9 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
free(aip);
goto err_peer;
}
+
+ /* Nothing leaked, hopefully -- ownership transferred or aip freed. */
+ assert(aip == NULL);
skip_allowed_ips:
if (!dev->first_peer)
dev->first_peer = peer;
@@ -322,6 +329,7 @@ static int kernel_set_device(struct wgdevice *dev)
nvlist_destroy(nvl_aips[j]);
free(nvl_aips);
nvlist_destroy(nvl_peers[i]);
+ nvl_peers[i] = NULL;
goto err;
}
if (i) {
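Review bot: The three added NULL stores (`nvl_peers[i] = NULL` here, `nvl_peers = NULL` and `nvl_device = NULL` in the next hunk) carry no comment saying why they are needed, and the `err:` label they appear to protect is outside both hunks. Presumably `err:` destroys or frees these same objects again, so the stores prevent a double free. A short comment on the first of them, such as `/* err: releases this again; clear it to avoid a double free */`, would stop a later cleanup from removing the stores as dead code. The pattern also relies on `nvlist_destroy()` and `free()` accepting NULL, which is worth stating in that comment.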
@@ -329,9 +337,11 @@ static int kernel_set_device(struct wgdevice *dev)
for (i = 0; i < peer_count; ++i)
nvlist_destroy(nvl_peers[i]);
free(nvl_peers);
+ nvl_peers = NULL;
}
wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size);
nvlist_destroy(nvl_device);
+ nvl_device = NULL;
if (!wgd.wgd_data)
goto err;
s = get_dgram_socket();
diff --git a/contrib/wireguard-tools/show.c b/contrib/wireguard-tools/show.c
index a61a06ef0646..3fd3d9e2a151 100644
--- a/contrib/wireguard-tools/show.c
+++ b/contrib/wireguard-tools/show.c
@@ -27,7 +27,7 @@
static int peer_cmp(const void *first, const void *second)
{
time_t diff;
- const struct wgpeer *a = *(const void **)first, *b = *(const void **)second;
+ const struct wgpeer *a = *(void *const *)first, *b = *(void *const *)second;
if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec))
return 1;
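Review bot: The new cast `*(void *const *)first` still reads the array element through a `void *` lvalue and leaves the pointee's `const` out of the cast type. Casting straight to the element type states the intent and avoids the detour: `const struct wgpeer *a = *(const struct wgpeer *const *)first, *b = *(const struct wgpeer *const *)second;`. This assumes the sorted array holds `struct wgpeer *` elements, which the assignment suggests but the hunk does not show. peer_cmp's body continues outside the hunk.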