diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2022-03-30 19:14:11 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-03-30 19:14:12 -0700 |
| commit | 7623627b41ca77b0e1031465774b143db1c3331b (patch) | |
| tree | 5e36a557dc4cecd3a1926c7c8718905104f2a26d /drivers/net/wireguard/socket.c | |
| parent | 0c854e53be0cb97653f9bba38a65d3c7221f7a83 (diff) | |
| parent | 39229b62273de0d2cd316e7625cd1f82512345e7 (diff) | |
| download | wireguard-linux-trimmed-7623627b41ca77b0e1031465774b143db1c3331b.tar.gz wireguard-linux-trimmed-7623627b41ca77b0e1031465774b143db1c3331b.zip | |
Merge branch 'wireguard-patches-for-5-18-rc1'
Jason A. Donenfeld says:
====================
wireguard patches for 5.18-rc1
Here's a small set of fixes for the next net push:
1) Pipacs reported a CFI violation in a cleanup routine, which he
triggered using grsec's RAP. I haven't seen reports of this yet from
the Android/CFI world yet, but it's only a matter of time there.
2) A small rng cleanup to the self test harness to make it initialize
faster on 5.18.
3) Wang reported and fixed a skb leak for CONFIG_IPV6=n.
4) After Wang's fix for the direct leak, I investigated how that code
path even could be hit, and found that the netlink layer still
handles IPv6 endpoints, when it probably shouldn't.
====================
Link: https://lore.kernel.org/r/20220330013127.426620-1-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'drivers/net/wireguard/socket.c')
| -rw-r--r-- | drivers/net/wireguard/socket.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 6f07b94..0414d7a 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -160,6 +160,7 @@ out: rcu_read_unlock_bh(); return ret; #else + kfree_skb(skb); return -EAFNOSUPPORT; #endif } @@ -241,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct endpoint *endpoint, endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr; endpoint->src4.s_addr = ip_hdr(skb)->daddr; endpoint->src_if4 = skb->skb_iif; - } else if (skb->protocol == htons(ETH_P_IPV6)) { + } else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) { endpoint->addr6.sin6_family = AF_INET6; endpoint->addr6.sin6_port = udp_hdr(skb)->source; endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr; @@ -284,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct wg_peer *peer, peer->endpoint.addr4 = endpoint->addr4; peer->endpoint.src4 = endpoint->src4; peer->endpoint.src_if4 = endpoint->src_if4; - } else if (endpoint->addr.sa_family == AF_INET6) { + } else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) { peer->endpoint.addr6 = endpoint->addr6; peer->endpoint.src6 = endpoint->src6; } else { |