NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/60392: assertion "mbuflen >= sizeof(struct wg_msg)" failed
>Number: 60392
>Category: bin
>Synopsis: assertion "mbuflen >= sizeof(struct wg_msg)" failed
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 01 23:15:00 +0000 2026
>Originator: Taylor R Campbell
>Release: current, 11, 10
>Organization:
The ZeroBSD Foundatagram, Inc.
>Environment:
>Description:
The kernel wg(4) implementation drops any incoming UDP packets
of size smaller than sizeof(struct wg_msg) (4 bytes), but the
userland librumpnet_wg.so is missing this check.
Fortunately, the userland librumpnet_wg.so is always built with
DIAGNOSTIC enabled, and we have an assertion about the size
before we read past the end of the buffer, so there is no harm
here beyond wg-userspace crashing.
>How-To-Repeat:
1. start wg-userspace
2. send a zero-, one-, two-, or three-byte UDP packet to it
3. ???
4. profit
>Fix:
reject <4-byte packets in rumpkern_wg_recv_peer
Home |
Main Index |
Thread Index |
Old Index