An unexpected packet that shows up on a Wireguard interace
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.
This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes:
edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
if (PREDICT_FALSE (last_adj_index != adj_index))
{
peeri = wg_peer_get_by_adj_index (adj_index);
+ if (peeri == INDEX_INVALID)
+ {
+ b[0]->error = node->errors[WG_OUTPUT_ERROR_PEER];
+ goto out;
+ }
peer = wg_peer_get (peeri);
}
static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
+ if (ai > vec_len (wg_peer_by_adj_index))
+ return INDEX_INVALID;
return (wg_peer_by_adj_index[ai]);
}