ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wireguard: dont stacksmash bad peer base64 keys

Browse Source 
Just like commit 252647482b24bb3474e8f13bc86100718176832f
did for Wireguard interface keys, prevent stack smashing
the peer keys.

Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.

Type: fix
Fixes: edca1325cf
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
This commit is contained in:
Jon Loeliger
2022-03-10 11:23:27 -06:00
committed by Matthew Smith
parent f479179598
commit d23c55fa56
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/plugins/wireguard/wireguard_cli.c
View File

@ -162,7 +162,7 @@ wg_peer_add_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
u8 *public_key_64 = 0;
u8 public_key[NOISE_PUBLIC_KEY_LEN];
u8 public_key[NOISE_PUBLIC_KEY_LEN + 1];
fib_prefix_t allowed_ip, *allowed_ips = NULL;
ip_prefix_t pfx;
ip_address_t ip;