tun: freebsd: avoid OOB writes

author Jason A. Donenfeld <Jason@zx2c4.com>

Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)

committer Jason A. Donenfeld <Jason@zx2c4.com>

Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)
author Jason A. Donenfeld <Jason@zx2c4.com>
Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)
diff --git a/tun/tun_freebsd.go b/tun/tun_freebsd.go

index 37f1a0c41ad29660de861e6e9069f706fc642da8..c4c6b64e14266e5efc399e2ad3b0535993968784 100644 (file)
--- a/tun/tun_freebsd.go
+++ b/tun/tun_freebsd.go
@@ -8,6 +8,7 @@ package tun
  import (
         "errors"
         "fmt"
+       "io"
         "net"
         "os"
         "sync"
@@ -347,7 +348,13 @@ func (tun *NativeTun) Read(buff []byte, offset int) (int, error) {
  }
  
  func (tun *NativeTun) Write(buf []byte, offset int) (int, error) {
+       if offset < 4 {
+               return 0, io.ErrShortBuffer
+       }
         buf = buf[offset-4:]
+       if len(buf) < 5 {
+               return 0, io.ErrShortBuffer
+       }
         buf[0] = 0x00
         buf[1] = 0x00
         buf[2] = 0x00
author	Jason A. Donenfeld <Jason@zx2c4.com>
	Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)
committer	Jason A. Donenfeld <Jason@zx2c4.com>
	Mon, 19 Apr 2021 21:10:23 +0000 (15:10 -0600)