Commit 78ef59e7 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'wireguard-fixes-for-7-1-rc6' 

Jason A. Donenfeld says:

====================
WireGuard fixes for 7.1-rc6

Please find one small patch, fixing the order of adding padding onto a
packet, to ensure padding bytes get zeroed properly.
====================

Link: https://patch.msgid.link/20260529173134.3080773-1-Jason@zx2c4.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 072aa0f5 f75e3eb0

drivers/net/wireguard/send.c

+10 −10
Original line number Diff line number Diff line
@@ -177,16 +177,6 @@ static bool encrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) 
	trailer_len = padding_len + noise_encrypted_len(0);

	plaintext_len = skb->len + padding_len;



	/* Expand data section to have room for padding and auth tag. */

	num_frags = skb_cow_data(skb, trailer_len, &trailer);

	if (unlikely(num_frags < 0 || num_frags > ARRAY_SIZE(sg)))

		return false;



	/* Set the padding to zeros, and make sure it and the auth tag are part

	 * of the skb.

	 */

	memset(skb_tail_pointer(trailer), 0, padding_len);



	/* Expand head section to have room for our header and the network

	 * stack's headers.

	 */
@@ -198,6 +188,16 @@ static bool encrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) 
		     skb_checksum_help(skb)))

		return false;



	/* Expand data section to have room for padding and auth tag. */

	num_frags = skb_cow_data(skb, trailer_len, &trailer);

	if (unlikely(num_frags < 0 || num_frags > ARRAY_SIZE(sg)))

		return false;



	/* Set the padding to zeros, and make sure it and the auth tag are part

	 * of the skb.

	 */

	memset(skb_tail_pointer(trailer), 0, padding_len);



	/* Only after checksumming can we safely add on the padding at the end

	 * and the header.

	 */