git: df554850858f - main - wg_input: avoid leaking due to an m_defrag failure
Kyle Evans
kevans at FreeBSD.org
Mon Mar 8 06:22:42 UTC 2021
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=df554850858f59fd9d54c25a96bb7dfc4237fa70
commit df554850858f59fd9d54c25a96bb7dfc4237fa70
Author: Kyle Evans <kevans at FreeBSD.org>
AuthorDate: 2021-03-08 02:49:00 +0000
Commit: Kyle Evans <kevans at FreeBSD.org>
CommitDate: 2021-03-08 06:21:23 +0000
wg_input: avoid leaking due to an m_defrag failure
m_defrag() will not free the chain on failure, leaking the mbuf.
Obtained from: OpenBSD
MFC after: 3 days
---
sys/dev/if_wg/module/if_wg_session.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sys/dev/if_wg/module/if_wg_session.c b/sys/dev/if_wg/module/if_wg_session.c
index 084bc789039d..cb2a88812855 100644
--- a/sys/dev/if_wg/module/if_wg_session.c
+++ b/sys/dev/if_wg/module/if_wg_session.c
@@ -1905,7 +1905,13 @@ wg_input(struct mbuf *m0, int offset, struct inpcb *inpcb,
m_adj(m0, hlen);
- if ((m = m_defrag(m0, M_NOWAIT)) == NULL) {
+ /*
+ * Ensure mbuf is contiguous over full length of the packet. This is
+ * done so that we can directly read the handshake values in
+ * wg_handshake, and so we can decrypt a transport packet by passing a
+ * a single buffer to noise_remote_decrypt() in wg_decap.
+ */
+ if ((m = m_pullup(m0, m0->m_pkthdr.len)) == NULL) {
DPRINTF(sc, "DEFRAG fail\n");
return;
}
More information about the dev-commits-src-all
mailing list