wireguard: prevent segfault on non-adj packets

An unexpected packet that shows up on a Wireguard interace
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.

This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.

Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes: edca1325cf
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b

src/plugins/wireguard/wireguard_output_tun.c

@@ -371,6 +371,11 @@ wg_output_tun_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
       if (PREDICT_FALSE (last_adj_index != adj_index))
 	{
 	  peeri = wg_peer_get_by_adj_index (adj_index);
+	  if (peeri == INDEX_INVALID)
+	    {
+	      b[0]->error = node->errors[WG_OUTPUT_ERROR_PEER];
+	      goto out;
+	    }
 	  peer = wg_peer_get (peeri);
 	}
 

src/plugins/wireguard/wireguard_peer.h

@@ -166,6 +166,8 @@ wg_peer_get (index_t peeri)
 static inline index_t
 wg_peer_get_by_adj_index (index_t ai)
 {
+  if (ai > vec_len (wg_peer_by_adj_index))
+    return INDEX_INVALID;
   return (wg_peer_by_adj_index[ai]);
 }