wireguard: dont stacksmash bad peer base64 keys

Just like commit 252647482b24bb3474e8f13bc86100718176832f
did for Wireguard interface keys, prevent stack smashing
the peer keys.

Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.

Type: fix
Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c

diff --git a/src/plugins/wireguard/wireguard_cli.c b/src/plugins/wireguard/wireguard_cli.c
index 02c2e39..214e6a5 100644 (file)
--- a/src/plugins/wireguard/wireguard_cli.c
+++ b/src/plugins/wireguard/wireguard_cli.c
@@ -162,7 +162,7 @@ wg_peer_add_command_fn (vlib_main_t * vm,
   unformat_input_t _line_input, *line_input = &_line_input;
 
   u8 *public_key_64 = 0;
-  u8 public_key[NOISE_PUBLIC_KEY_LEN];
+  u8 public_key[NOISE_PUBLIC_KEY_LEN + 1];
   fib_prefix_t allowed_ip, *allowed_ips = NULL;
   ip_prefix_t pfx;
   ip_address_t ip;