go-bridge: dup tunFd so as to not confuse NetworkExtension

The extension isn't banking on tunFd being closed ever, so dup it before
handing it to the rest of wireguard-go.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/wireguard-go-bridge/api-ios.go b/wireguard-go-bridge/api-ios.go
index 93dd323df7a279cbc1bc794e78fc8079c01114f7..d6eccd8f28c1a8a5ba2980e0e809b4dc01424de0 100644 (file)
--- a/wireguard-go-bridge/api-ios.go
+++ b/wireguard-go-bridge/api-ios.go
@@ -90,15 +90,22 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
                Info:  log.New(&CLogger{level: 1}, "", 0),
                Error: log.New(&CLogger{level: 2}, "", 0),
        }
+       dupTunFd, err := unix.Dup(int(tunFd))
+       if err != nil {
+               logger.Error.Println(err)
+               return -1
+       }
 
-       err := unix.SetNonblock(int(tunFd), true)
+       err = unix.SetNonblock(dupTunFd, true)
        if err != nil {
                logger.Error.Println(err)
+               unix.Close(dupTunFd)
                return -1
        }
-       tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(tunFd), "/dev/tun"), 0)
+       tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(dupTunFd), "/dev/tun"), 0)
        if err != nil {
                logger.Error.Println(err)
+               unix.Close(dupTunFd)
                return -1
        }
        logger.Info.Println("Attaching to interface")
@@ -107,6 +114,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
        setError := device.IpcSetOperation(bufio.NewReader(strings.NewReader(C.GoString(settings))))
        if setError != nil {
                logger.Error.Println(setError)
+               unix.Close(dupTunFd)
                return -1
        }
 
@@ -120,6 +128,7 @@ func wgTurnOn(settings *C.char, tunFd int32) int32 {
                }
        }
        if i == math.MaxInt32 {
+               unix.Close(dupTunFd)
                return -1
        }
        tunnelHandles[i] = tunnelHandle{device, logger}