mirror of
https://github.com/amnezia-vpn/amneziawg-go.git
synced 2025-06-07 22:03:44 +02:00
add boundary checks before junk prepend&send
Signed-off-by: Mark Puha <marko10@inf.elte.hu>
parent
f0cc315e5b
commit
0be1878d38
2 changed files with 25 additions and 8 deletions
|
@ -133,6 +133,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
||||||
peer.device.log.Errorf("%v - %v", peer, err)
|
peer.device.log.Errorf("%v - %v", peer, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if peer.device.aSecCfg.initPacketJunkSize != 0 {
|
||||||
buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
|
buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
|
||||||
writer := bytes.NewBuffer(buf[:0])
|
writer := bytes.NewBuffer(buf[:0])
|
||||||
err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
|
err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
|
||||||
|
@ -142,6 +143,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
||||||
}
|
}
|
||||||
junkedHeader = writer.Bytes()
|
junkedHeader = writer.Bytes()
|
||||||
}
|
}
|
||||||
|
}
|
||||||
var buf [MessageInitiationSize]byte
|
var buf [MessageInitiationSize]byte
|
||||||
writer := bytes.NewBuffer(buf[:0])
|
writer := bytes.NewBuffer(buf[:0])
|
||||||
binary.Write(writer, binary.LittleEndian, msg)
|
binary.Write(writer, binary.LittleEndian, msg)
|
||||||
|
@ -182,7 +184,9 @@ func (peer *Peer) SendHandshakeResponse() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
var junkedHeader []byte
|
var junkedHeader []byte
|
||||||
if peer.device.isAdvancedSecurityOn() {
|
if peer.device.isAdvancedSecurityOn() &&
|
||||||
|
peer.device.aSecCfg.responsePacketJunkSize != 0 {
|
||||||
|
|
||||||
buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
|
buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
|
||||||
writer := bytes.NewBuffer(buf[:0])
|
writer := bytes.NewBuffer(buf[:0])
|
||||||
err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
|
err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
|
||||||
|
@ -471,6 +475,10 @@ top:
|
||||||
}
|
}
|
||||||
|
|
||||||
func (peer *Peer) sendJunkPackets() error {
|
func (peer *Peer) sendJunkPackets() error {
|
||||||
|
if peer.device.aSecCfg.junkPacketCount == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
|
junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
|
||||||
for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
|
for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
|
||||||
packetSize := rand.Intn(
|
packetSize := rand.Intn(
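Review bot: The new guards compare against zero only (`initPacketJunkSize != 0`, `responsePacketJunkSize != 0`, `junkPacketCount == 0`), so a negative value would still reach `make(...)`, which panics at run time on a negative length or capacity. These fields are filled from `strconv.Atoi` in handleDeviceLine, which accepts negative numbers, and the range checks between `if err != nil {` and the assignments are not visible in the hunks, so it is unclear whether negatives are rejected there. If they are not, test the sign here, e.g. `if peer.device.aSecCfg.junkPacketCount <= 0 { return nil }` and `initPacketJunkSize > 0` / `responsePacketJunkSize > 0`, so a bad UAPI value cannot crash the handshake path. The argument of `rand.Intn(` is cut off too; it panics on a non-positive bound, so jmax <= jmin needs the same treatment wherever that bound is computed. All three function bodies continue outside the hunks.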
|
||||||
|
|
|
@ -303,6 +303,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
}
|
}
|
||||||
device.log.Verbosef("UAPI: Removing all peers")
|
device.log.Verbosef("UAPI: Removing all peers")
|
||||||
device.RemoveAllPeers()
|
device.RemoveAllPeers()
|
||||||
|
|
||||||
case "jc":
|
case "jc":
|
||||||
junkPacketCount, err := strconv.Atoi(value)
|
junkPacketCount, err := strconv.Atoi(value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -319,6 +320,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.log.Verbosef("UAPI: Updating junk_packet_count")
|
device.log.Verbosef("UAPI: Updating junk_packet_count")
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.junkPacketCount = junkPacketCount
|
device.aSecCfg.junkPacketCount = junkPacketCount
|
||||||
|
|
||||||
case "jmin":
|
case "jmin":
|
||||||
junkPacketMinSize, err := strconv.Atoi(value)
|
junkPacketMinSize, err := strconv.Atoi(value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -331,6 +333,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.log.Verbosef("UAPI: Updating junk_packet_min_size")
|
device.log.Verbosef("UAPI: Updating junk_packet_min_size")
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.junkPacketMinSize = junkPacketMinSize
|
device.aSecCfg.junkPacketMinSize = junkPacketMinSize
|
||||||
|
|
||||||
case "jmax":
|
case "jmax":
|
||||||
junkPacketMaxSize, err := strconv.Atoi(value)
|
junkPacketMaxSize, err := strconv.Atoi(value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -350,6 +353,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.log.Verbosef("UAPI: Updating junk_packet_max_size")
|
device.log.Verbosef("UAPI: Updating junk_packet_max_size")
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.junkPacketMaxSize = junkPacketMaxSize
|
device.aSecCfg.junkPacketMaxSize = junkPacketMaxSize
|
||||||
|
|
||||||
case "s1":
|
case "s1":
|
||||||
initPacketJunkSize, err := strconv.Atoi(value)
|
initPacketJunkSize, err := strconv.Atoi(value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -370,6 +374,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.log.Verbosef("UAPI: Updating init_packet_junk_size")
|
device.log.Verbosef("UAPI: Updating init_packet_junk_size")
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.initPacketJunkSize = initPacketJunkSize
|
device.aSecCfg.initPacketJunkSize = initPacketJunkSize
|
||||||
|
|
||||||
case "s2":
|
case "s2":
|
||||||
responsePacketJunkSize, err := strconv.Atoi(value)
|
responsePacketJunkSize, err := strconv.Atoi(value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -391,6 +396,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.responsePacketJunkSize = responsePacketJunkSize
|
device.aSecCfg.responsePacketJunkSize = responsePacketJunkSize
|
||||||
|
|
||||||
|
|
||||||
case "h1":
|
case "h1":
|
||||||
initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -403,6 +409,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.log.Verbosef("UAPI: Updating init_packet_magic_header")
|
device.log.Verbosef("UAPI: Updating init_packet_magic_header")
|
||||||
device.aSecCfg.isOn = true
|
device.aSecCfg.isOn = true
|
||||||
device.aSecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
|
device.aSecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
|
||||||
|
|
||||||
case "h2":
|
case "h2":
|
||||||
responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -417,6 +424,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.aSecCfg.responsePacketMagicHeader = uint32(
|
device.aSecCfg.responsePacketMagicHeader = uint32(
|
||||||
responsePacketMagicHeader,
|
responsePacketMagicHeader,
|
||||||
)
|
)
|
||||||
|
|
||||||
case "h3":
|
case "h3":
|
||||||
underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -431,6 +439,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
||||||
device.aSecCfg.underloadPacketMagicHeader = uint32(
|
device.aSecCfg.underloadPacketMagicHeader = uint32(
|
||||||
underloadPacketMagicHeader,
|
underloadPacketMagicHeader,
|
||||||
)
|
)
|
||||||
|
|
||||||
case "h4":
|
case "h4":
|
||||||
transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|