wireguard: prevent segfault on non-adj packets 96/35896/1
author Jon Loeliger <jdl@netgate.com>
Tue, 5 Apr 2022 19:05:38 +0000 (14:05 -0500)
committer Jon Loeliger <jdl@netgate.com>
Tue, 5 Apr 2022 19:16:31 +0000 (14:16 -0500)
An unexpected packet that shows up on a Wireguard interface
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.

This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.

Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b

src/plugins/wireguard/wireguard_output_tun.c
src/plugins/wireguard/wireguard_peer.h

index 14df692..64aaba7 100644 (file)
@@ -371,6 +371,11 @@ wg_output_tun_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
       if (PREDICT_FALSE (last_adj_index != adj_index))
        {
          peeri = wg_peer_get_by_adj_index (adj_index);
+         if (peeri == INDEX_INVALID)
+           {
+             b[0]->error = node->errors[WG_OUTPUT_ERROR_PEER];
+             goto out;
+           }
          peer = wg_peer_get (peeri);
        }
 
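Review bot: the `goto out` on the new INDEX_INVALID branch leaves the buffer with only an error counter set, and the `out:` label is outside this hunk; please confirm that `out` routes `b[0]` to the drop next-node rather than falling through to the encryption path with whatever `peer` was left from the previous iteration, and that `last_adj_index` is not assigned before the lookup (otherwise the next buffer on the same adjacency would skip `wg_peer_get_by_adj_index` and reuse the stale `peer`). As a style point, the surrounding branch uses `PREDICT_FALSE` for the unlikely case; `if (PREDICT_FALSE (peeri == INDEX_INVALID))` would match it and keep the fast path unaffected.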
index 1af5799..f3d80fb 100644 (file)
@@ -166,6 +166,8 @@ wg_peer_get (index_t peeri)
 static inline index_t
 wg_peer_get_by_adj_index (index_t ai)
 {
+  if (ai > vec_len (wg_peer_by_adj_index))
+    return INDEX_INVALID;
   return (wg_peer_by_adj_index[ai]);
 }
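Review bot: the bounds check at `if (ai > vec_len (wg_peer_by_adj_index))` is off by one; `ai == vec_len (wg_peer_by_adj_index)` passes the test and then `wg_peer_by_adj_index[ai]` reads one element past the end, which is exactly the out-of-bounds access this change is meant to stop. It should read `if (ai >= vec_len (wg_peer_by_adj_index))`. Separately, this guard only covers indices beyond the vector's length; for the caller's `peeri == INDEX_INVALID` test to also catch an in-range adjacency that was never assigned a peer, the slots of `wg_peer_by_adj_index` must be initialised to INDEX_INVALID when the vector is grown, which is worth confirming or noting in the commit message.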