authorJon Loeliger <jdl@netgate.com>2022-03-10 11:23:27 -0600
committerMatthew Smith <mgsmith@netgate.com>2022-03-21 16:25:21 +0000
commitd23c55fa56a0f564be290f9f301094fd5ba45361 (patch)
tree338a4b3c20a20c05ce231baafd742ea7d39573da
parentf47917959872afe2aff464343944bbffee545308 (diff)
wireguard: dont stacksmash bad peer base64 keys
Just like commit 252647482b24bb3474e8f13bc86100718176832f did for Wireguard interface keys, prevent stack smashing the peer keys. Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
-rw-r--r--src/plugins/wireguard/wireguard_cli.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/wireguard/wireguard_cli.c b/src/plugins/wireguard/wireguard_cli.c
index 02c2e39eb45..214e6a5e2b4 100644
--- a/src/plugins/wireguard/wireguard_cli.c
+++ b/src/plugins/wireguard/wireguard_cli.c
@@ -162,7 +162,7 @@ wg_peer_add_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
u8 *public_key_64 = 0;
- u8 public_key[NOISE_PUBLIC_KEY_LEN];
+ u8 public_key[NOISE_PUBLIC_KEY_LEN + 1];
fib_prefix_t allowed_ip, *allowed_ips = NULL;
ip_prefix_t pfx;
ip_address_t ip;
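Review bot: The `+ 1` on `public_key` carries no comment explaining why a 32-byte key needs a 33-byte buffer, so a later cleanup could shrink it again and bring the overflow back. I would annotate the declaration, e.g. `u8 public_key[NOISE_PUBLIC_KEY_LEN + 1]; /* malformed base64 may decode to one extra byte */`. The extra byte only bounds the write if the encoded input length is checked before decoding. That decode call is in the part of wg_peer_add_command_fn outside this hunk, so the check should be confirmed there. It would also be safer for that code to reject any key whose decoded length is not exactly NOISE_PUBLIC_KEY_LEN, since silently dropping the 33rd byte accepts a mistyped key as a different valid-looking one.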