diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-09-07 09:54:07 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-09-07 11:24:17 +0200 |
| commit | 62d14e188489fab4ea8b20527925b47dc2c15f40 (patch) | |
| tree | f3d3af0260126245593f951b1e65246ec4113984 /shared | |
| parent | cb23779e0acd1b7db3c9f5367ac03f3bc76a562c (diff) | |
platform/wireguard: rework parsing wireguard links in platform
- previously, parsing wireguard genl data resulted in memory corruption:
- _wireguard_update_from_allowedips_nla() takes pointers to
allowedip = &g_array_index (buf->allowedips, NMWireGuardAllowedIP, buf->allowedips->len - 1);
but resizing the GArray will invalidate this pointer. This happens
when there are multiple allowed-ips to parse.
- there was some confusion who owned the allowedips pointers.
_wireguard_peers_cpy() and _vt_cmd_obj_dispose_lnk_wireguard()
assumed each peer owned their own chunk, but _wireguard_get_link_properties()
would not duplicate the memory properly.
- rework memory handling for allowed_ips. Now, the NMPObjectLnkWireGuard
keeps a pointer _allowed_ips_buf. This buffer contains the instances for
all peers.
The parsing of the netlink message is the complicated part, because
we don't know upfront how many peers/allowed-ips we receive. During
construction, the tracking of peers/allowed-ips is complicated,
via a CList/GArray. At the end of that, we prettify the data
representation and put everything into two buffers. That is more
efficient and simpler for user afterwards. This moves complexity
to the way how the object is created, vs. how it is used later.
- ensure that we nm_explicit_bzero() private-key and preshared-key. However,
that only works to a certain point, because our netlink library does not
ensure that no data is leaked.
- don't use a "struct sockaddr" union for the peer's endpoint. Instead,
use a combintation of endpoint_family, endpoint_port, and
endpoint_addr.
- a lot of refactoring.
Diffstat (limited to 'shared')
| -rw-r--r-- | shared/nm-utils/nm-hash-utils.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/shared/nm-utils/nm-hash-utils.h b/shared/nm-utils/nm-hash-utils.h index 7d9620b96..b797fb75a 100644 --- a/shared/nm-utils/nm-hash-utils.h +++ b/shared/nm-utils/nm-hash-utils.h @@ -57,6 +57,11 @@ nm_hash_update (NMHashState *state, const void *ptr, gsize n) nm_assert (ptr); nm_assert (n > 0); + /* Note: the data passed in here might be sensitive data (secrets), + * that we should nm_explicty_zero() afterwards. However, since + * we are using siphash24 with a random key, that is not really + * necessary. Something to keep in mind, if we ever move away from + * this hash implementation. */ c_siphash_append (&state->_state, ptr, n); } |