wg: abstract sockets are dangerous
They have no permissions, so we're probably better off just creating a socket file with the umask set, as we do in BSD. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
b318e81cd0
commit
a773a23c75
1 changed files with 1 additions and 28 deletions
29
src/ipc.c
29
src/ipc.c
|
@ -80,7 +80,6 @@ static int add_next_to_inflatable_buffer(struct inflatable_buffer *buffer)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef __linux__
|
|
||||||
static void close_and_unlink(int fd)
|
static void close_and_unlink(int fd)
|
||||||
{
|
{
|
||||||
struct sockaddr_un addr;
|
struct sockaddr_un addr;
|
||||||
|
@ -90,16 +89,12 @@ static void close_and_unlink(int fd)
|
||||||
unlink(addr.sun_path);
|
unlink(addr.sun_path);
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
static int userspace_interface_fd(const char *interface)
|
static int userspace_interface_fd(const char *interface)
|
||||||
{
|
{
|
||||||
struct stat sbuf;
|
struct stat sbuf;
|
||||||
struct sockaddr_un addr = { .sun_family = AF_UNIX };
|
struct sockaddr_un addr = { .sun_family = AF_UNIX }, bind_addr = { .sun_family = AF_UNIX };
|
||||||
#ifndef __linux__
|
|
||||||
struct sockaddr_un bind_addr = { .sun_family = AF_UNIX };
|
|
||||||
mode_t old_umask;
|
mode_t old_umask;
|
||||||
#endif
|
|
||||||
int fd = -1, ret;
|
int fd = -1, ret;
|
||||||
|
|
||||||
ret = -EINVAL;
|
ret = -EINVAL;
|
||||||
|
@ -108,12 +103,10 @@ static int userspace_interface_fd(const char *interface)
|
||||||
ret = snprintf(addr.sun_path, sizeof(addr.sun_path) - 1, SOCK_PATH "%s" SOCK_SUFFIX, interface);
|
ret = snprintf(addr.sun_path, sizeof(addr.sun_path) - 1, SOCK_PATH "%s" SOCK_SUFFIX, interface);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
#ifndef __linux__
|
|
||||||
ret = snprintf(bind_addr.sun_path, sizeof(bind_addr.sun_path) - 1, SOCK_PATH ".wg-tool-%s-%d.client", interface, getpid());
|
ret = snprintf(bind_addr.sun_path, sizeof(bind_addr.sun_path) - 1, SOCK_PATH ".wg-tool-%s-%d.client", interface, getpid());
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
unlink(bind_addr.sun_path);
|
unlink(bind_addr.sun_path);
|
||||||
#endif
|
|
||||||
ret = stat(addr.sun_path, &sbuf);
|
ret = stat(addr.sun_path, &sbuf);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -124,13 +117,9 @@ static int userspace_interface_fd(const char *interface)
|
||||||
ret = fd = socket(AF_UNIX, SOCK_DGRAM, 0);
|
ret = fd = socket(AF_UNIX, SOCK_DGRAM, 0);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
#ifdef __linux__
|
|
||||||
ret = bind(fd, (struct sockaddr *)&addr, sizeof(sa_family_t));
|
|
||||||
#else
|
|
||||||
old_umask = umask(0077);
|
old_umask = umask(0077);
|
||||||
ret = bind(fd, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
|
ret = bind(fd, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
|
||||||
umask(old_umask);
|
umask(old_umask);
|
||||||
#endif
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
@ -142,11 +131,7 @@ static int userspace_interface_fd(const char *interface)
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
if (ret && fd >= 0)
|
if (ret && fd >= 0)
|
||||||
#ifdef __linux__
|
|
||||||
close(fd);
|
|
||||||
#else
|
|
||||||
close_and_unlink(fd);
|
close_and_unlink(fd);
|
||||||
#endif
|
|
||||||
if (!ret)
|
if (!ret)
|
||||||
ret = fd;
|
ret = fd;
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -157,11 +142,7 @@ static bool userspace_has_wireguard_interface(const char *interface)
|
||||||
int fd = userspace_interface_fd(interface);
|
int fd = userspace_interface_fd(interface);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return false;
|
return false;
|
||||||
#ifdef __linux__
|
|
||||||
close(fd);
|
|
||||||
#else
|
|
||||||
close_and_unlink(fd);
|
close_and_unlink(fd);
|
||||||
#endif
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -219,11 +200,7 @@ static int userspace_set_device(struct wgdevice *dev)
|
||||||
goto out;
|
goto out;
|
||||||
ret = ret_code;
|
ret = ret_code;
|
||||||
out:
|
out:
|
||||||
#ifdef __linux__
|
|
||||||
close(fd);
|
|
||||||
#else
|
|
||||||
close_and_unlink(fd);
|
close_and_unlink(fd);
|
||||||
#endif
|
|
||||||
return (int)ret;
|
return (int)ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -273,11 +250,7 @@ static int userspace_get_device(struct wgdevice **dev, const char *interface)
|
||||||
out:
|
out:
|
||||||
if (*dev && ret)
|
if (*dev && ret)
|
||||||
free(*dev);
|
free(*dev);
|
||||||
#ifdef __linux__
|
|
||||||
close(fd);
|
|
||||||
#else
|
|
||||||
close_and_unlink(fd);
|
close_and_unlink(fd);
|
||||||
#endif
|
|
||||||
errno = -ret;
|
errno = -ret;
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue