• Thomas Haller's avatar
    platform/wireguard: rework parsing wireguard links in platform · 62d14e18
    Thomas Haller authored
    - previously, parsing wireguard genl data resulted in memory corruption:
    
      - _wireguard_update_from_allowedips_nla() takes pointers to
    
          allowedip = &g_array_index (buf->allowedips, NMWireGuardAllowedIP, buf->allowedips->len - 1);
    
        but resizing the GArray will invalidate this pointer. This happens
        when there are multiple allowed-ips to parse.
    
      - there was some confusion who owned the allowedips pointers.
        _wireguard_peers_cpy() and _vt_cmd_obj_dispose_lnk_wireguard()
        assumed each peer owned their own chunk, but _wireguard_get_link_properties()
        would not duplicate the memory properly.
    
    - rework memory handling for allowed_ips. Now, the NMPObjectLnkWireGuard
      keeps a pointer _allowed_ips_buf. This buffer contains the instances for
      all peers.
      The parsing of the netlink message is the complicated part, because
      we don't know upfront how many peers/allowed-ips we receive. During
      construction, the tracking of peers/allowed-ips is complicated,
      via a CList/GArray. At the end of that, we prettify the data
      representation and put everything into two buffers. That is more
      efficient and simpler for user afterwards. This moves complexity
      to the way how the object is created, vs. how it is used later.
    
    - ensure that we nm_explicit_bzero() private-key and preshared-key. However,
      that only works to a certain point, because our netlink library does not
      ensure that no data is leaked.
    
    - don't use a "struct sockaddr" union for the peer's endpoint. Instead,
      use a combintation of endpoint_family, endpoint_port, and
      endpoint_addr.
    
    - a lot of refactoring.
    62d14e18
nmp-object.c 113 KB