Merge commit '93bf91b4012a28610672d2266366dfa0a663b70f' into HEAD

This fixes a warning in wireguard-tools, as well as two issues pointed out by
FreeBSD's Coverity instance.

CID:		1500405, 1500421
This commit is contained in:
Kyle Evans 2022-11-04 22:46:21 -05:00
commit 2cb43631ab
3 changed files with 22 additions and 7 deletions

View File

@ -14,3 +14,8 @@ ipc-linux.h
ipc-openbsd.h ipc-openbsd.h
man/wg-quick.8 man/wg-quick.8
systemd/ systemd/
# Build artifacts
wg
*.d
*.o

View File

@ -4,6 +4,7 @@
* *
*/ */
#include <assert.h>
#include <sys/nv.h> #include <sys/nv.h>
#include <sys/sockio.h> #include <sys/sockio.h>
#include <dev/wg/if_wg.h> #include <dev/wg/if_wg.h>
@ -118,7 +119,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
goto skip_peers; goto skip_peers;
for (i = 0; i < peer_count; ++i) { for (i = 0; i < peer_count; ++i) {
struct wgpeer *peer; struct wgpeer *peer;
struct wgallowedip *aip; struct wgallowedip *aip = NULL;
const nvlist_t *const *nvl_aips; const nvlist_t *const *nvl_aips;
size_t aip_count, j; size_t aip_count, j;
@ -169,11 +170,13 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
if (!aip_count || !nvl_aips) if (!aip_count || !nvl_aips)
goto skip_allowed_ips; goto skip_allowed_ips;
for (j = 0; j < aip_count; ++j) { for (j = 0; j < aip_count; ++j) {
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
continue;
if (!nvlist_exists_binary(nvl_aips[j], "ipv4") && !nvlist_exists_binary(nvl_aips[j], "ipv6"))
continue;
aip = calloc(1, sizeof(*aip)); aip = calloc(1, sizeof(*aip));
if (!aip) if (!aip)
goto err_allowed_ips; goto err_allowed_ips;
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
continue;
number = nvlist_get_number(nvl_aips[j], "cidr"); number = nvlist_get_number(nvl_aips[j], "cidr");
if (nvlist_exists_binary(nvl_aips[j], "ipv4")) { if (nvlist_exists_binary(nvl_aips[j], "ipv4")) {
binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size); binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size);
@ -184,7 +187,8 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
aip->family = AF_INET; aip->family = AF_INET;
aip->cidr = number; aip->cidr = number;
memcpy(&aip->ip4, binary, sizeof(aip->ip4)); memcpy(&aip->ip4, binary, sizeof(aip->ip4));
} else if (nvlist_exists_binary(nvl_aips[j], "ipv6")) { } else {
assert(nvlist_exists_binary(nvl_aips[j], "ipv6"));
binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size); binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size);
if (!binary || number > 128) { if (!binary || number > 128) {
ret = EINVAL; ret = EINVAL;
@ -193,14 +197,14 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
aip->family = AF_INET6; aip->family = AF_INET6;
aip->cidr = number; aip->cidr = number;
memcpy(&aip->ip6, binary, sizeof(aip->ip6)); memcpy(&aip->ip6, binary, sizeof(aip->ip6));
} else }
continue;
if (!peer->first_allowedip) if (!peer->first_allowedip)
peer->first_allowedip = aip; peer->first_allowedip = aip;
else else
peer->last_allowedip->next_allowedip = aip; peer->last_allowedip->next_allowedip = aip;
peer->last_allowedip = aip; peer->last_allowedip = aip;
aip = NULL;
continue; continue;
err_allowed_ips: err_allowed_ips:
@ -209,6 +213,9 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
free(aip); free(aip);
goto err_peer; goto err_peer;
} }
/* Nothing leaked, hopefully -- ownership transferred or aip freed. */
assert(aip == NULL);
skip_allowed_ips: skip_allowed_ips:
if (!dev->first_peer) if (!dev->first_peer)
dev->first_peer = peer; dev->first_peer = peer;
@ -322,6 +329,7 @@ static int kernel_set_device(struct wgdevice *dev)
nvlist_destroy(nvl_aips[j]); nvlist_destroy(nvl_aips[j]);
free(nvl_aips); free(nvl_aips);
nvlist_destroy(nvl_peers[i]); nvlist_destroy(nvl_peers[i]);
nvl_peers[i] = NULL;
goto err; goto err;
} }
if (i) { if (i) {
@ -329,9 +337,11 @@ static int kernel_set_device(struct wgdevice *dev)
for (i = 0; i < peer_count; ++i) for (i = 0; i < peer_count; ++i)
nvlist_destroy(nvl_peers[i]); nvlist_destroy(nvl_peers[i]);
free(nvl_peers); free(nvl_peers);
nvl_peers = NULL;
} }
wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size); wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size);
nvlist_destroy(nvl_device); nvlist_destroy(nvl_device);
nvl_device = NULL;
if (!wgd.wgd_data) if (!wgd.wgd_data)
goto err; goto err;
s = get_dgram_socket(); s = get_dgram_socket();

View File

@ -27,7 +27,7 @@
static int peer_cmp(const void *first, const void *second) static int peer_cmp(const void *first, const void *second)
{ {
time_t diff; time_t diff;
const struct wgpeer *a = *(const void **)first, *b = *(const void **)second; const struct wgpeer *a = *(void *const *)first, *b = *(void *const *)second;
if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec)) if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec))
return 1; return 1;