Hesham/wireguard-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

device: lock elem in autodraining queue before freeing

Browse Source 
Without this, we wind up freeing packets that the encryption/decryption
queues still have, resulting in a UaF.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2021-02-09 15:00:59 +01:00
parent 6548a682a9
commit 4b5d15ec2b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
device/channels.go
View File

@ -89,6 +89,7 @@ func newAutodrainingInboundQueue(device *Device) chan *QueueInboundElement {
if elem == nil {
continue
}
elem.Lock()
device.PutMessageBuffer(elem.buffer)
device.PutInboundElement(elem)
default:
@ -118,6 +119,7 @@ func newAutodrainingOutboundQueue(device *Device) chan *QueueOutboundElement {
if elem == nil {
continue
}
elem.Lock()
device.PutMessageBuffer(elem.buffer)
device.PutOutboundElement(elem)
default: