Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp936563pxb;
        Wed, 6 Apr 2022 04:48:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx0ImyKP38G9QagCl2cCayub5CKDdUwS5kUvIlBdCejr+OedObeV7waYWfzpMWWlthW0aX5
X-Received: by 2002:a65:670b:0:b0:382:243d:fa with SMTP id u11-20020a65670b000000b00382243d00famr6723309pgf.360.1649245690173;
        Wed, 06 Apr 2022 04:48:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649245690; cv=none;
        d=google.com; s=arc-20160816;
        b=QBNcqw3AbUYsE8fhOMM9QJN443jDFSVVee1W08/zEX7n4QCqC/VK0GCw+iW8N2FJ7H
         NZ7QgNmkVdGc2bwR0+p+yw8EHv7FeGr9aFetYjW0eVqkYMO9lFT/zZBBW3Yf0XH2PjMi
         CrWkjcLmyPDoFAdhuSIoRIJ8iglHU4GM/kqRQBaYrkreSSwpCbWYYXpfV4ZP2VgDb2kG
         bbKvhbwwkt8ez01jMsWOAXIu3l3vOCCqEq+LTw3bSnExx0dz2GrZn8cUQ0fEvynjjru9
         nudu+YwjTY+drPFBDiwD5jlXrSowPrYljI6UxcwbGX/KTmQRuUzr3EAbVCgMDCezRhdR
         r91g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=m1qaJrPE8OyiCu47N9aQxkqM7veGxzn6bvn06IBzWfs=;
        b=alMlEAi8JHik1EbdbRqF9b166w9pxC/guIyjshW2NP3IPuBlGiyrsLfIYdWXgEnjJR
         WHkPGg8Qug4IZFhWmHElvhN3OJcfu5CBiA8IzVEdLrh+3Q4hLKLDEjzjoATLswx1lk6E
         7ceertEnmwV6BMC6zV2wfWDL1Wq1tZT+fUHHqfFvfaYqzRZucdQ7gjlDqci3yVU5vFJK
         2FcvvRy1I2rCmYk7b/WBslE4GMnIC23SuXLVLzURWzKrK2x9DUy6ioyOwlBdgxkrBCPg
         ip1PQfu3HSVM9JwhhQYpGb57ME9nsY4ddTnXQ8QAw+945V0bb2M+M/xKKZbuZPG7bReW
         QQsg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=alwI5WbJ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id o22-20020a056a0015d600b004faec001782si17043248pfu.232.2022.04.06.04.48.09
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Apr 2022 04:48:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=alwI5WbJ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5B03562E29A;
	Wed,  6 Apr 2022 03:04:50 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1574780AbiDEXBJ (ORCPT <rfc822;02joepater06@gmail.com>
        + 99 others); Tue, 5 Apr 2022 19:01:09 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55826 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1345071AbiDEKki (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 06:40:38 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5416E2DAA9;
        Tue,  5 Apr 2022 03:25:48 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id E4E9461425;
        Tue,  5 Apr 2022 10:25:47 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4C20C385A0;
        Tue,  5 Apr 2022 10:25:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649154347;
        bh=g0TljGLO1IzFHta7Q9gIR9X96djpoWB7T6QSJAJD6jc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=alwI5WbJ7QDqBGpuLSvRbcViYqBgLaBPbf6dvr8sIkwJdAiUqxpgrAAHX8sOaBaOa
         aWERUPWvA0hdJ4AJOVJgppypa1H1nOiJSRx+cOSOLPkbc7M/uzdtRSlU8pmk803ykx
         lEaILzePDSVw/Mcu4RJKyAh7LZ9mpfuMJAfgf0vg=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.10 547/599] wireguard: socket: ignore v6 endpoints when ipv6 is disabled
Date:   Tue,  5 Apr 2022 09:34:01 +0200
Message-Id: <20220405070315.119252507@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070258.802373272@linuxfoundation.org>
References: <20220405070258.802373272@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jason A. Donenfeld <Jason@zx2c4.com>

commit 77fc73ac89be96ec8f39e8efa53885caa7cb3645 upstream.

The previous commit fixed a memory leak on the send path in the event
that IPv6 is disabled at compile time, but how did a packet even arrive
there to begin with? It turns out we have previously allowed IPv6
endpoints even when IPv6 support is disabled at compile time. This is
awkward and inconsistent. Instead, let's just ignore all things IPv6,
the same way we do other malformed endpoints, in the case where IPv6 is
disabled.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireguard/socket.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/wireguard/socket.c
+++ b/drivers/net/wireguard/socket.c
@@ -242,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct e
 		endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
 		endpoint->src4.s_addr = ip_hdr(skb)->daddr;
 		endpoint->src_if4 = skb->skb_iif;
-	} else if (skb->protocol == htons(ETH_P_IPV6)) {
+	} else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) {
 		endpoint->addr6.sin6_family = AF_INET6;
 		endpoint->addr6.sin6_port = udp_hdr(skb)->source;
 		endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr;
@@ -285,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct
 		peer->endpoint.addr4 = endpoint->addr4;
 		peer->endpoint.src4 = endpoint->src4;
 		peer->endpoint.src_if4 = endpoint->src_if4;
-	} else if (endpoint->addr.sa_family == AF_INET6) {
+	} else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) {
 		peer->endpoint.addr6 = endpoint->addr6;
 		peer->endpoint.src6 = endpoint->src6;
 	} else {