Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp979630pxb; Wed, 6 Apr 2022 05:56:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0eSGeti+D/WU7yxjv3G4BfH+YNMyu4TiDC8huy1BOXtDvr81gQG3VHtpQ3sQ3ZCW6GNUi X-Received: by 2002:a62:e213:0:b0:4fa:6b13:3a9a with SMTP id a19-20020a62e213000000b004fa6b133a9amr8811712pfi.18.1649249769031; Wed, 06 Apr 2022 05:56:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649249769; cv=none; d=google.com; s=arc-20160816; b=L91w1Gtel2KDeMDkLja1MeMgTB6m5iSkllEZ4s9EBtBtfZ8ajh6t+4bAky2RVQLF20 VfTTyQTAaUThE0dyAX06/8WS4lGPpfsDH42XjzdTlOiQ5CBtZmmi1WkLh+EgkHTthdkZ tJ/y/F+fVl6U+J8s0pmrXRFk6bS4+Dyaz/46N1sbATDk6nBIefmNGfCPTKuhlcjMiBRT c4aF4V7P7yzMEum9Mv4fcB3bnNbNhTCEPkGq6WVnIy/kD0MfcDfRqz5qMPnPDNfkGoPj i2QEsS67AytC/JVfodNSsU80jNjKTI547xCwTJJSF3XV21vNbVYF0CCgalGhbOMnu7+g oh2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=m1qaJrPE8OyiCu47N9aQxkqM7veGxzn6bvn06IBzWfs=; b=AylxOZJMsCnbGMDqVAZ2Z1o9lSQutNR/KB+urapdJsk0L/U4Jdp6I4a5YRBMWOowde 3mm5SLDVhb2D5FH9O4cHEuxT2RkYEiAkwQtfRrBjZBnXVmvCKgfL/kganEAO1JL7S4Y4 rrEaZtZbUN3B9akJppLKXRm2vN6hWq05lYQw7suKW4AnGgYTJ81gaOGEdKJkKlYVjbVQ TG4BJiGrC1SAJw9xeFY5HuBikCHMkrft06MG973dg6zHVipjOddd+vqzhqyaOARABpEp p8YmPdPDgEffYRGh3b9nzZn4ihNbdwpwmyNp8ENXAOo1eO1jYSW23mCjeLqI0QlSxYiD cSiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TMOZf39o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id e25-20020a631e19000000b00384650184ecsi15240210pge.738.2022.04.06.05.56.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Apr 2022 05:56:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=TMOZf39o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 369D0436BCF; Wed, 6 Apr 2022 03:04:58 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1835704AbiDFAdD (ORCPT + 99 others); Tue, 5 Apr 2022 20:33:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354188AbiDEKMP (ORCPT ); Tue, 5 Apr 2022 06:12:15 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 253865131F; Tue, 5 Apr 2022 02:58:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B5C91616D7; Tue, 5 Apr 2022 09:58:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C38A8C385A2; Tue, 5 Apr 2022 09:58:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649152691; bh=g0TljGLO1IzFHta7Q9gIR9X96djpoWB7T6QSJAJD6jc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TMOZf39o2TfTy1/x1WGDWlZkVM3u+8I0QHdPLpUtROXtGA14GYWDupw7UT/MUFZRV p6q5BsKuYu9+MFfzTy1NjfclfrEuYnuAeukCIW8h3KcYCYRDFNzAyPZTbXnrFYwOZ0 NWZ0FEl7Lcuv2NKPTP4+6oKH1HbpWd8SHoWNWiNo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Jason A. Donenfeld" , Jakub Kicinski Subject: [PATCH 5.15 830/913] wireguard: socket: ignore v6 endpoints when ipv6 is disabled Date: Tue, 5 Apr 2022 09:31:32 +0200 Message-Id: <20220405070404.709931823@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220405070339.801210740@linuxfoundation.org> References: <20220405070339.801210740@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jason A. Donenfeld commit 77fc73ac89be96ec8f39e8efa53885caa7cb3645 upstream. The previous commit fixed a memory leak on the send path in the event that IPv6 is disabled at compile time, but how did a packet even arrive there to begin with? It turns out we have previously allowed IPv6 endpoints even when IPv6 support is disabled at compile time. This is awkward and inconsistent. Instead, let's just ignore all things IPv6, the same way we do other malformed endpoints, in the case where IPv6 is disabled. Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Signed-off-by: Jason A. Donenfeld Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- drivers/net/wireguard/socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -242,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct e endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr; endpoint->src4.s_addr = ip_hdr(skb)->daddr; endpoint->src_if4 = skb->skb_iif; - } else if (skb->protocol == htons(ETH_P_IPV6)) { + } else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) { endpoint->addr6.sin6_family = AF_INET6; endpoint->addr6.sin6_port = udp_hdr(skb)->source; endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr; @@ -285,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct peer->endpoint.addr4 = endpoint->addr4; peer->endpoint.src4 = endpoint->src4; peer->endpoint.src_if4 = endpoint->src_if4; - } else if (endpoint->addr.sa_family == AF_INET6) { + } else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) { peer->endpoint.addr6 = endpoint->addr6; peer->endpoint.src6 = endpoint->src6; } else {