NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/60349 CVS commit: [netbsd-11] src
The following reply was made to PR kern/60349; it has been noted by GNATS.
From: "Martin Husemann" <martin%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc:
Subject: PR/60349 CVS commit: [netbsd-11] src
Date: Sat, 27 Jun 2026 14:54:26 +0000
Module Name: src
Committed By: martin
Date: Sat Jun 27 14:54:25 UTC 2026
Modified Files:
src/sys/net [netbsd-11]: if_wg.c
src/tests/net/if_wg [netbsd-11]: common.sh t_basic.sh t_misc.sh
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #329):
tests/net/if_wg/t_misc.sh: revision 1.17
tests/net/if_wg/t_misc.sh: revision 1.18
sys/net/if_wg.c: revision 1.136
tests/net/if_wg/t_basic.sh: revision 1.7
sys/net/if_wg.c: revision 1.137
tests/net/if_wg/t_basic.sh: revision 1.8
sys/net/if_wg.c: revision 1.138
tests/net/if_wg/t_basic.sh: revision 1.9
tests/net/if_wg/common.sh: revision 1.2
wg(4): Add test case for bad peer public keys.
wg(4) should not crash on an assertion if they are used -- it should
just gracefully accept them, with degraded security, since a peer
that maliciously provides an invalid public key is no worse than a
peer that voluntarily exposes all its plaintext anyway.
PR kern/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
wg(4): Add test case for bad ephemeral handshake public keys.
wg(4) should not crash on an assertion if they appear on the network;
it should just gracefully drop them as forgeries, if a MITM attempted
to send them without knowledge of a peer's public key, or accept
them, if a peer legitimately sent them, since that peer could just as
well simply forward the plaintext of the session on to the NSA.
PR kern/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
wg(4): Add a test case for too many allowed IP address ranges.
PR kern/60232: kernel panic when adding a wireguard peer with too
many allowed IP addresses
wg(4): Drop KASSERT on result of crypto_scalarmult.
The result of this check is not relevant to security of the protocol,
either for static peer identity keys or for ephemeral handshake keys.
See comments for details.
We can't simply write
(void)crypto_scalarmult(...);
because the function was tagged with warn_unused_result. And
apparently libsodium may leave the output uninitialized if the check
fails. So just yield zero instead of stack garbage / UB -- stack
garbage is probably actually fine since it is immediately hashed into
something that won't match anything so downstream logic will just drop
it, but UB might invite nefarious compilers to cause trouble.
PR security/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
wg(4): Gracefully refuse excess allowed IP address ranges.
PR kern/60232: kernel panic when adding a wireguard peer with too
many allowed IP addresses
wg(4): Don't leak a prop_dictionary_t on every ioctl!
PR kern/60349: experimental wg(4) leaks memory on ioctl
To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.135.2.1 src/sys/net/if_wg.c
cvs rdiff -u -r1.1 -r1.1.10.1 src/tests/net/if_wg/common.sh
cvs rdiff -u -r1.6 -r1.6.2.1 src/tests/net/if_wg/t_basic.sh
cvs rdiff -u -r1.16 -r1.16.2.1 src/tests/net/if_wg/t_misc.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index