wg: abstract sockets are dangerous
They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
b318e81cd0
commit
a773a23c75
29
src/ipc.c
29
src/ipc.c
|
@ -80,7 +80,6 @@ static int add_next_to_inflatable_buffer(struct inflatable_buffer *buffer)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifndef __linux__
|
||||
static void close_and_unlink(int fd)
|
||||
{
|
||||
struct sockaddr_un addr;
|
||||
|
@ -90,16 +89,12 @@ static void close_and_unlink(int fd)
|
|||
unlink(addr.sun_path);
|
||||
close(fd);
|
||||
}
|
||||
#endif
|
||||
|
||||
static int userspace_interface_fd(const char *interface)
|
||||
{
|
||||
struct stat sbuf;
|
||||
struct sockaddr_un addr = { .sun_family = AF_UNIX };
|
||||
#ifndef __linux__
|
||||
struct sockaddr_un bind_addr = { .sun_family = AF_UNIX };
|
||||
struct sockaddr_un addr = { .sun_family = AF_UNIX }, bind_addr = { .sun_family = AF_UNIX };
|
||||
mode_t old_umask;
|
||||
#endif
|
||||
int fd = -1, ret;
|
||||
|
||||
ret = -EINVAL;
|
||||
|
@ -108,12 +103,10 @@ static int userspace_interface_fd(const char *interface)
|
|||
ret = snprintf(addr.sun_path, sizeof(addr.sun_path) - 1, SOCK_PATH "%s" SOCK_SUFFIX, interface);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
#ifndef __linux__
|
||||
ret = snprintf(bind_addr.sun_path, sizeof(bind_addr.sun_path) - 1, SOCK_PATH ".wg-tool-%s-%d.client", interface, getpid());
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
unlink(bind_addr.sun_path);
|
||||
#endif
|
||||
ret = stat(addr.sun_path, &sbuf);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
@ -124,13 +117,9 @@ static int userspace_interface_fd(const char *interface)
|
|||
ret = fd = socket(AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
#ifdef __linux__
|
||||
ret = bind(fd, (struct sockaddr *)&addr, sizeof(sa_family_t));
|
||||
#else
|
||||
old_umask = umask(0077);
|
||||
ret = bind(fd, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
|
||||
umask(old_umask);
|
||||
#endif
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
||||
|
@ -142,11 +131,7 @@ static int userspace_interface_fd(const char *interface)
|
|||
}
|
||||
out:
|
||||
if (ret && fd >= 0)
|
||||
#ifdef __linux__
|
||||
close(fd);
|
||||
#else
|
||||
close_and_unlink(fd);
|
||||
#endif
|
||||
if (!ret)
|
||||
ret = fd;
|
||||
return ret;
|
||||
|
@ -157,11 +142,7 @@ static bool userspace_has_wireguard_interface(const char *interface)
|
|||
int fd = userspace_interface_fd(interface);
|
||||
if (fd < 0)
|
||||
return false;
|
||||
#ifdef __linux__
|
||||
close(fd);
|
||||
#else
|
||||
close_and_unlink(fd);
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -219,11 +200,7 @@ static int userspace_set_device(struct wgdevice *dev)
|
|||
goto out;
|
||||
ret = ret_code;
|
||||
out:
|
||||
#ifdef __linux__
|
||||
close(fd);
|
||||
#else
|
||||
close_and_unlink(fd);
|
||||
#endif
|
||||
return (int)ret;
|
||||
}
|
||||
|
||||
|
@ -273,11 +250,7 @@ static int userspace_get_device(struct wgdevice **dev, const char *interface)
|
|||
out:
|
||||
if (*dev && ret)
|
||||
free(*dev);
|
||||
#ifdef __linux__
|
||||
close(fd);
|
||||
#else
|
||||
close_and_unlink(fd);
|
||||
#endif
|
||||
errno = -ret;
|
||||
return ret;
|
||||
}
|
||||
|
|
Reference in New Issue