summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJon Loeliger <jdl@netgate.com>2022-02-16 10:52:56 -0600
committerMatthew Smith <mgsmith@netgate.com>2022-02-22 18:21:41 +0000
commitd9d77076b01347dfc1dd98cee80a298729ce9b85 (patch)
tree00da8a595d601f14a0c9763472a22371b658772e /src
parent09cdea643aa181d833df15b8c96c3a812320761a (diff)
wireguard: prevent stacksmashing on poorly formed base64 keys
Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d Signed-off-by: Jon Loeliger <jdl@netgate.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/wireguard/wireguard_cli.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/wireguard/wireguard_cli.c b/src/plugins/wireguard/wireguard_cli.c
index 5e0b7243a83..02c2e39eb45 100644
--- a/src/plugins/wireguard/wireguard_cli.c
+++ b/src/plugins/wireguard/wireguard_cli.c
@@ -25,7 +25,7 @@ wg_if_create_cli (vlib_main_t * vm,
{
wg_main_t *wmp = &wg_main;
unformat_input_t _line_input, *line_input = &_line_input;
- u8 private_key[NOISE_PUBLIC_KEY_LEN];
+ u8 private_key[NOISE_PUBLIC_KEY_LEN + 1];
u32 instance, sw_if_index;
ip_address_t src_ip;
clib_error_t *error;