bateast/wireguard-tools
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wg: abstract sockets are dangerous

Browse Source 
They have no permissions, so we're probably better off just creating a
socket file with the umask set, as we do in BSD.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2016-07-21 12:27:54 +02:00
parent b318e81cd0
commit a773a23c75
1 changed files with 1 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/ipc.c
View File

@ -80,7 +80,6 @@ static int add_next_to_inflatable_buffer(struct inflatable_buffer *buffer)
return 0;
}
#ifndef __linux__
static void close_and_unlink(int fd)
{
struct sockaddr_un addr;
@ -90,16 +89,12 @@ static void close_and_unlink(int fd)
unlink(addr.sun_path);
close(fd);
}
#endif
static int userspace_interface_fd(const char *interface)
{
struct stat sbuf;
struct sockaddr_un addr = { .sun_family = AF_UNIX };
#ifndef __linux__
struct sockaddr_un bind_addr = { .sun_family = AF_UNIX };
struct sockaddr_un addr = { .sun_family = AF_UNIX }, bind_addr = { .sun_family = AF_UNIX };
mode_t old_umask;
#endif
int fd = -1, ret;
ret = -EINVAL;
@ -108,12 +103,10 @@ static int userspace_interface_fd(const char *interface)
ret = snprintf(addr.sun_path, sizeof(addr.sun_path) - 1, SOCK_PATH "%s" SOCK_SUFFIX, interface);
if (ret < 0)
goto out;
#ifndef __linux__
ret = snprintf(bind_addr.sun_path, sizeof(bind_addr.sun_path) - 1, SOCK_PATH ".wg-tool-%s-%d.client", interface, getpid());
if (ret < 0)
goto out;
unlink(bind_addr.sun_path);
#endif
ret = stat(addr.sun_path, &sbuf);
if (ret < 0)
goto out;
@ -124,13 +117,9 @@ static int userspace_interface_fd(const char *interface)
ret = fd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (ret < 0)
goto out;
#ifdef __linux__
ret = bind(fd, (struct sockaddr *)&addr, sizeof(sa_family_t));
#else
old_umask = umask(0077);
ret = bind(fd, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
umask(old_umask);
#endif
if (ret < 0)
goto out;
@ -142,11 +131,7 @@ static int userspace_interface_fd(const char *interface)
}
out:
if (ret && fd >= 0)
#ifdef __linux__
close(fd);
#else
close_and_unlink(fd);
#endif
if (!ret)
ret = fd;
return ret;
@ -157,11 +142,7 @@ static bool userspace_has_wireguard_interface(const char *interface)
int fd = userspace_interface_fd(interface);
if (fd < 0)
return false;
#ifdef __linux__
close(fd);
#else
close_and_unlink(fd);
#endif
return true;
}
@ -219,11 +200,7 @@ static int userspace_set_device(struct wgdevice *dev)
goto out;
ret = ret_code;
out:
#ifdef __linux__
close(fd);
#else
close_and_unlink(fd);
#endif
return (int)ret;
}
@ -273,11 +250,7 @@ static int userspace_get_device(struct wgdevice **dev, const char *interface)
out:
if (*dev && ret)
free(*dev);
#ifdef __linux__
close(fd);
#else
close_and_unlink(fd);
#endif
errno = -ret;
return ret;
}