passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix and improve #169 

- Use constants
- Check packet length for OOB read
- Replace assertion with logging
This commit is contained in:
Davide De Rosa 2020-05-08 20:30:17 +02:00
parent aa580240b8
commit 60213bafb8
2 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## Unreleased
- Fix IPv6 traffic broken on Mojave. [#146](https://github.com/passepartoutvpn/tunnelkit/issues/146), [#169](https://github.com/passepartoutvpn/tunnelkit/pull/169)
## 2.2.3 (2019-04-21) ## 2.2.3 (2019-04-21)
### Changed ### Changed

33
TunnelKit/Sources/AppExtension/Transport/NETunnelInterface.swift
View File

@ -36,13 +36,24 @@
import Foundation import Foundation
import NetworkExtension import NetworkExtension
import SwiftyBeaver
private let log = SwiftyBeaver.self
/// `TunnelInterface` implementation via NetworkExtension. /// `TunnelInterface` implementation via NetworkExtension.
public class NETunnelInterface: TunnelInterface { public class NETunnelInterface: TunnelInterface {
private weak var impl: NEPacketTunnelFlow? private static let ipV4: UInt8 = 4
private static let protocolNumberForIPv4 = NSNumber(value: AF_INET) private static let ipV6: UInt8 = 6
private static let protocolNumberForIPv6 = NSNumber(value: AF_INET6)
private static let protocolNumbers: [UInt8: NSNumber] = [
ipV4: NSNumber(value: AF_INET),
ipV6: NSNumber(value: AF_INET6)
]
private static let fallbackProtocolNumber = protocolNumbers[ipV4]!
private weak var impl: NEPacketTunnelFlow?
/// :nodoc: /// :nodoc:
public init(impl: NEPacketTunnelFlow) { public init(impl: NEPacketTunnelFlow) {
@ -91,16 +102,18 @@ public class NETunnelInterface: TunnelInterface {
} }
private static func ipProtocolNumber(inPacket packet: Data) -> NSNumber { private static func ipProtocolNumber(inPacket packet: Data) -> NSNumber {
guard !packet.isEmpty else {
return fallbackProtocolNumber
}
// 'packet' contains the decrypted incoming IP packet data // 'packet' contains the decrypted incoming IP packet data
// The first 4 bits identify the IP version // The first 4 bits identify the IP version
let ipVersion = ((packet[0] & 0xf0) >> 4) let ipVersion = (packet[0] & 0xf0) >> 4
assert(ipVersion == 4 || ipVersion == 6) guard let protocolNumber = protocolNumbers[ipVersion] else {
log.warning("Unrecognized IP version (\(ipVersion))")
if ipVersion == 6 { return fallbackProtocolNumber
return NETunnelInterface.protocolNumberForIPv6
} else {
return NETunnelInterface.protocolNumberForIPv4
} }
return protocolNumber
} }
} }