mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-29 15:31:35 +00:00

Don't allow Yggdrasil ranges as crypto-key routes

Neil Alexander 2018-11-05 17:03:58 +00:00
parent 52206dc381
commit ec751e8cc7
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944


@ -3,6 +3,7 @@ package yggdrasil
import ( import (
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt"
"net" "net"
"sort" "sort"
) )
@ -34,22 +35,28 @@ func (c *cryptokey) isEnabled() bool {
func (c *cryptokey) addRoute(cidr string, dest string) error { func (c *cryptokey) addRoute(cidr string, dest string) error {
// Is the CIDR we've been given valid? // Is the CIDR we've been given valid?
_, ipnet, err := net.ParseCIDR(cidr) ipaddr, ipnet, err := net.ParseCIDR(cidr)
if err != nil { if err != nil {
return err return err
} }
// Get the prefix length and size // Get the prefix length and size
prefixlen, prefixsize := ipnet.Mask.Size() _, prefixsize := ipnet.Mask.Size()
// Check if the prefix is IPv4 or IPv6 // Check if the prefix is IPv4 or IPv6
if prefixsize == net.IPv6len*8 { if prefixsize == net.IPv6len*8 {
// IPv6 // Is the route an Yggdrasil destination?
for _, route := range c.ipv6routes { var addr address
var snet subnet
copy(addr[:], ipaddr)
copy(snet[:], ipnet.IP)
if addr.isValid() || snet.isValid() {
return errors.New("Can't specify Yggdrasil destination as crypto-key route")
}
// Do we already have a route for this subnet? // Do we already have a route for this subnet?
routeprefixlen, _ := route.subnet.Mask.Size() for _, route := range c.ipv6routes {
if route.subnet.IP.Equal(ipnet.IP) && routeprefixlen == prefixlen { if route.subnet.String() == ipnet.String() {
return errors.New("IPv6 route already exists") return errors.New(fmt.Sprintf("Route already exists for %s", cidr))
} }
} }
// Decode the public key // Decode the public key
@ -99,6 +106,5 @@ func (c *cryptokey) getPublicKeyForAddress(addr string) (boxPubKey, error) {
} }
*/ */
} }
return boxPubKey{}, errors.New(fmt.Sprintf("No route to %s", addr))
return boxPubKey{}, errors.New("No route")
} }
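Review bot: The new Yggdrasil check in addRoute tests only the address as given and the masked network address (`addr.isValid() || snet.isValid()`), so a shorter prefix that merely contains the Yggdrasil range, such as a default route, would presumably still be accepted as a crypto-key route. If the intent is that no crypto-key route may ever cover Yggdrasil destinations, the check should test whether `ipnet` overlaps the Yggdrasil address and subnet ranges rather than whether those two values fall inside them; `address`, `subnet` and their `isValid` methods are defined outside this page, so confirm against them and against the order in which lookups consult the two kinds of destination. Separately, `errors.New(fmt.Sprintf("Route already exists for %s", cidr))` is more idiomatically `fmt.Errorf("Route already exists for %s", cidr)`, and the same form is used for the `No route to %s` return in getPublicKeyForAddress. The body of addRoute continues past the end of the first hunk, so the public-key decoding that follows is not covered here.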