mirror of
https://github.com/amnezia-vpn/amneziawg-go.git
synced 2025-06-07 22:03:44 +02:00
add boundary checks before junk prepend&send
Signed-off-by: Mark Puha <marko10@inf.elte.hu>
This commit is contained in:
Mark Puha
parent
f0cc315e5b
commit
0be1878d38
2 changed files with 25 additions and 8 deletions
|
|
@ -133,14 +133,16 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
|
|||
peer.device.log.Errorf("%v - %v", peer, err)
|
||||
return err
|
||||
}
|
||||
buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
|
||||
writer := bytes.NewBuffer(buf[:0])
|
||||
err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
|
||||
if err != nil {
|
||||
peer.device.log.Errorf("%v - %v", peer, err)
|
||||
return err
|
||||
if peer.device.aSecCfg.initPacketJunkSize != 0 {
|
||||
buf := make([]byte, 0, peer.device.aSecCfg.initPacketJunkSize)
|
||||
writer := bytes.NewBuffer(buf[:0])
|
||||
err = appendJunk(writer, peer.device.aSecCfg.initPacketJunkSize)
|
||||
if err != nil {
|
||||
peer.device.log.Errorf("%v - %v", peer, err)
|
||||
return err
|
||||
}
|
||||
junkedHeader = writer.Bytes()
|
||||
}
|
||||
junkedHeader = writer.Bytes()
|
||||
}
|
||||
var buf [MessageInitiationSize]byte
|
||||
writer := bytes.NewBuffer(buf[:0])
|
||||
|
|
@ -182,7 +184,9 @@ func (peer *Peer) SendHandshakeResponse() error {
|
|||
return err
|
||||
}
|
||||
var junkedHeader []byte
|
||||
if peer.device.isAdvancedSecurityOn() {
|
||||
if peer.device.isAdvancedSecurityOn() &&
|
||||
peer.device.aSecCfg.responsePacketJunkSize != 0 {
|
||||
|
||||
buf := make([]byte, 0, peer.device.aSecCfg.responsePacketJunkSize)
|
||||
writer := bytes.NewBuffer(buf[:0])
|
||||
err = appendJunk(writer, peer.device.aSecCfg.responsePacketJunkSize)
|
||||
|
|
@ -471,6 +475,10 @@ top:
|
|||
}
|
||||
|
||||
func (peer *Peer) sendJunkPackets() error {
|
||||
if peer.device.aSecCfg.junkPacketCount == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
junks := make([][]byte, 0, peer.device.aSecCfg.junkPacketCount)
|
||||
for i := 0; i < peer.device.aSecCfg.junkPacketCount; i++ {
|
||||
packetSize := rand.Intn(
|
||||
|
|
|
|||
|
|
@ -303,6 +303,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
}
|
||||
device.log.Verbosef("UAPI: Removing all peers")
|
||||
device.RemoveAllPeers()
|
||||
|
||||
case "jc":
|
||||
junkPacketCount, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
|
|
@ -319,6 +320,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.log.Verbosef("UAPI: Updating junk_packet_count")
|
||||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.junkPacketCount = junkPacketCount
|
||||
|
||||
case "jmin":
|
||||
junkPacketMinSize, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
|
|
@ -331,6 +333,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.log.Verbosef("UAPI: Updating junk_packet_min_size")
|
||||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.junkPacketMinSize = junkPacketMinSize
|
||||
|
||||
case "jmax":
|
||||
junkPacketMaxSize, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
|
|
@ -350,6 +353,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.log.Verbosef("UAPI: Updating junk_packet_max_size")
|
||||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.junkPacketMaxSize = junkPacketMaxSize
|
||||
|
||||
case "s1":
|
||||
initPacketJunkSize, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
|
|
@ -370,6 +374,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.log.Verbosef("UAPI: Updating init_packet_junk_size")
|
||||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.initPacketJunkSize = initPacketJunkSize
|
||||
|
||||
case "s2":
|
||||
responsePacketJunkSize, err := strconv.Atoi(value)
|
||||
if err != nil {
|
||||
|
|
@ -391,6 +396,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.responsePacketJunkSize = responsePacketJunkSize
|
||||
|
||||
|
||||
case "h1":
|
||||
initPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||
if err != nil {
|
||||
|
|
@ -403,6 +409,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.log.Verbosef("UAPI: Updating init_packet_magic_header")
|
||||
device.aSecCfg.isOn = true
|
||||
device.aSecCfg.initPacketMagicHeader = uint32(initPacketMagicHeader)
|
||||
|
||||
case "h2":
|
||||
responsePacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||
if err != nil {
|
||||
|
|
@ -417,6 +424,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.aSecCfg.responsePacketMagicHeader = uint32(
|
||||
responsePacketMagicHeader,
|
||||
)
|
||||
|
||||
case "h3":
|
||||
underloadPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||
if err != nil {
|
||||
|
|
@ -431,6 +439,7 @@ func (device *Device) handleDeviceLine(key, value string) error {
|
|||
device.aSecCfg.underloadPacketMagicHeader = uint32(
|
||||
underloadPacketMagicHeader,
|
||||
)
|
||||
|
||||
case "h4":
|
||||
transportPacketMagicHeader, err := strconv.ParseUint(value, 10, 32)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue