void/amneziawg-go
2
0
Fork 0
mirror of https://github.com/amnezia-vpn/amneziawg-go.git synced 2025-07-31 17:12:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: add i,j params size limitation

Browse source
This commit is contained in:
Yaroslav Gurov 2025-07-14 20:39:51 +02:00
parent 1abd24b5b9
commit 1896d9ba3f
6 changed files with 21 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
device/awg/special_handshake_handler.go
View file

@ -31,12 +31,12 @@ type SpecialHandshakeHandler struct {
IsSet bool
}
func (handler *SpecialHandshakeHandler) Validate() error {
func (handler *SpecialHandshakeHandler) Validate(maxSegmentSize int) error {
var errs []error
if err := handler.SpecialJunk.Validate(); err != nil {
if err := handler.SpecialJunk.Validate(maxSegmentSize); err != nil {
errs = append(errs, err)
}
if err := handler.ControlledJunk.Validate(); err != nil {
if err := handler.ControlledJunk.Validate(maxSegmentSize); err != nil {
errs = append(errs, err)
}
return errors.Join(errs...)

4
device/awg/tag_junk_packet_generator.go
View file

@ -57,3 +57,7 @@ func (tg *TagJunkPacketGenerator) IpcGetFields() IpcFields {
Value: tg.tagValue,
}
}
func (tg *TagJunkPacketGenerator) Size() int {
return tg.packetSize
}

10
device/awg/tag_junk_packet_generators.go
View file

@ -1,6 +1,8 @@
package awg
import "fmt"
import (
"fmt"
)
type TagJunkPacketGenerators struct {
tagGenerators []TagJunkPacketGenerator
@ -20,7 +22,7 @@ func (generators *TagJunkPacketGenerators) IsDefined() bool {
}
// validate that packets were defined consecutively
func (generators *TagJunkPacketGenerators) Validate() error {
func (generators *TagJunkPacketGenerators) Validate(maxSegmentSize int) error {
seen := make([]bool, len(generators.tagGenerators))
for _, generator := range generators.tagGenerators {
index, err := generator.nameIndex()
@ -32,6 +34,10 @@ func (generators *TagJunkPacketGenerators) Validate() error {
} else {
seen[index-1] = true
}
if generator.Size() > maxSegmentSize {
return fmt.Errorf("junk packet %s must not exceed %d bytes", generator.name, maxSegmentSize)
}
}
for _, found := range seen {

2
device/awg/tag_junk_packet_generators_test.go
View file

@ -91,7 +91,7 @@ func TestTagJunkGeneratorHandlerValidate(t *testing.T) {
generators.AppendGenerator(gen)
}
err := generators.Validate()
err := generators.Validate(1500)
if tt.wantErr {
require.Error(t, err)
require.Contains(t, err.Error(), tt.errMsg)

2
device/device.go
View file

@ -819,7 +819,7 @@ func (device *Device) handlePostConfig(tempAwg *awg.Protocol) error {
}
if tempAwg.HandshakeHandler.IsSet {
if err := tempAwg.HandshakeHandler.Validate(); err != nil {
if err := tempAwg.HandshakeHandler.Validate(MaxSegmentSize); err != nil {
errs = append(errs, ipcErrorf(
ipc.IpcErrorInvalid, "handshake handler validate: %w", err))
} else {

8
device/uapi.go
View file

@ -406,12 +406,12 @@ func (device *Device) handleDeviceLine(key, value string, tempAwg *awg.Protocol)
return nil
}
generators, err := awg.Parse(key, value)
generator, err := awg.Parse(key, value)
if err != nil {
return ipcErrorf(ipc.IpcErrorInvalid, "invalid %s: %w", key, err)
}
device.log.Verbosef("UAPI: Updating %s", key)
tempAwg.HandshakeHandler.SpecialJunk.AppendGenerator(generators)
tempAwg.HandshakeHandler.SpecialJunk.AppendGenerator(generator)
tempAwg.HandshakeHandler.IsSet = true
case "j1", "j2", "j3":
if len(value) == 0 {
@ -419,13 +419,13 @@ func (device *Device) handleDeviceLine(key, value string, tempAwg *awg.Protocol)
return nil
}
generators, err := awg.Parse(key, value)
generator, err := awg.Parse(key, value)
if err != nil {
return ipcErrorf(ipc.IpcErrorInvalid, "invalid %s: %w", key, err)
}
device.log.Verbosef("UAPI: Updating %s", key)
tempAwg.HandshakeHandler.ControlledJunk.AppendGenerator(generators)
tempAwg.HandshakeHandler.ControlledJunk.AppendGenerator(generator)
tempAwg.HandshakeHandler.IsSet = true
case "itime":
if len(value) == 0 {