Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp979630pxb;
        Wed, 6 Apr 2022 05:56:09 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx0eSGeti+D/WU7yxjv3G4BfH+YNMyu4TiDC8huy1BOXtDvr81gQG3VHtpQ3sQ3ZCW6GNUi
X-Received: by 2002:a62:e213:0:b0:4fa:6b13:3a9a with SMTP id a19-20020a62e213000000b004fa6b133a9amr8811712pfi.18.1649249769031;
        Wed, 06 Apr 2022 05:56:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649249769; cv=none;
        d=google.com; s=arc-20160816;
        b=L91w1Gtel2KDeMDkLja1MeMgTB6m5iSkllEZ4s9EBtBtfZ8ajh6t+4bAky2RVQLF20
         VfTTyQTAaUThE0dyAX06/8WS4lGPpfsDH42XjzdTlOiQ5CBtZmmi1WkLh+EgkHTthdkZ
         tJ/y/F+fVl6U+J8s0pmrXRFk6bS4+Dyaz/46N1sbATDk6nBIefmNGfCPTKuhlcjMiBRT
         c4aF4V7P7yzMEum9Mv4fcB3bnNbNhTCEPkGq6WVnIy/kD0MfcDfRqz5qMPnPDNfkGoPj
         i2QEsS67AytC/JVfodNSsU80jNjKTI547xCwTJJSF3XV21vNbVYF0CCgalGhbOMnu7+g
         oh2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=m1qaJrPE8OyiCu47N9aQxkqM7veGxzn6bvn06IBzWfs=;
        b=AylxOZJMsCnbGMDqVAZ2Z1o9lSQutNR/KB+urapdJsk0L/U4Jdp6I4a5YRBMWOowde
         3mm5SLDVhb2D5FH9O4cHEuxT2RkYEiAkwQtfRrBjZBnXVmvCKgfL/kganEAO1JL7S4Y4
         rrEaZtZbUN3B9akJppLKXRm2vN6hWq05lYQw7suKW4AnGgYTJ81gaOGEdKJkKlYVjbVQ
         TG4BJiGrC1SAJw9xeFY5HuBikCHMkrft06MG973dg6zHVipjOddd+vqzhqyaOARABpEp
         p8YmPdPDgEffYRGh3b9nzZn4ihNbdwpwmyNp8ENXAOo1eO1jYSW23mCjeLqI0QlSxYiD
         cSiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TMOZf39o;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id e25-20020a631e19000000b00384650184ecsi15240210pge.738.2022.04.06.05.56.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Apr 2022 05:56:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TMOZf39o;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 369D0436BCF;
	Wed,  6 Apr 2022 03:04:58 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1835704AbiDFAdD (ORCPT <rfc822;02joepater06@gmail.com>
        + 99 others); Tue, 5 Apr 2022 20:33:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56048 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1354188AbiDEKMP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 06:12:15 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 253865131F;
        Tue,  5 Apr 2022 02:58:12 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B5C91616D7;
        Tue,  5 Apr 2022 09:58:11 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C38A8C385A2;
        Tue,  5 Apr 2022 09:58:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649152691;
        bh=g0TljGLO1IzFHta7Q9gIR9X96djpoWB7T6QSJAJD6jc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=TMOZf39o2TfTy1/x1WGDWlZkVM3u+8I0QHdPLpUtROXtGA14GYWDupw7UT/MUFZRV
         p6q5BsKuYu9+MFfzTy1NjfclfrEuYnuAeukCIW8h3KcYCYRDFNzAyPZTbXnrFYwOZ0
         NWZ0FEl7Lcuv2NKPTP4+6oKH1HbpWd8SHoWNWiNo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.15 830/913] wireguard: socket: ignore v6 endpoints when ipv6 is disabled
Date:   Tue,  5 Apr 2022 09:31:32 +0200
Message-Id: <20220405070404.709931823@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070339.801210740@linuxfoundation.org>
References: <20220405070339.801210740@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jason A. Donenfeld <Jason@zx2c4.com>

commit 77fc73ac89be96ec8f39e8efa53885caa7cb3645 upstream.

The previous commit fixed a memory leak on the send path in the event
that IPv6 is disabled at compile time, but how did a packet even arrive
there to begin with? It turns out we have previously allowed IPv6
endpoints even when IPv6 support is disabled at compile time. This is
awkward and inconsistent. Instead, let's just ignore all things IPv6,
the same way we do other malformed endpoints, in the case where IPv6 is
disabled.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireguard/socket.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/wireguard/socket.c
+++ b/drivers/net/wireguard/socket.c
@@ -242,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct e
 		endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
 		endpoint->src4.s_addr = ip_hdr(skb)->daddr;
 		endpoint->src_if4 = skb->skb_iif;
-	} else if (skb->protocol == htons(ETH_P_IPV6)) {
+	} else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) {
 		endpoint->addr6.sin6_family = AF_INET6;
 		endpoint->addr6.sin6_port = udp_hdr(skb)->source;
 		endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr;
@@ -285,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct
 		peer->endpoint.addr4 = endpoint->addr4;
 		peer->endpoint.src4 = endpoint->src4;
 		peer->endpoint.src_if4 = endpoint->src_if4;
-	} else if (endpoint->addr.sa_family == AF_INET6) {
+	} else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) {
 		peer->endpoint.addr6 = endpoint->addr6;
 		peer->endpoint.src6 = endpoint->src6;
 	} else {