Development discussion of WireGuard
* [PATCH] Fixed null pointer exception when user namespace is empty
@ 2021-10-16 20:59 Aaron Avery
  2021-10-17  0:52 ` Jason A. Donenfeld
  0 siblings, 1 reply; 4+ messages in thread
From: Aaron Avery @ 2021-10-16 20:59 UTC (permalink / raw)
  To: wireguard; +Cc: Aaron Avery

---
I compiled the Wireguard kernel module for my QNAP NAS running
version 4.14.24. When creating the network device, it got a null pointer
exception. I figured out that the user namespace is null on this system
and was being passed into ns_capable as-is, crashing the kernel (somewhat).
After applying this change, I finally have Wireguard up and running
after years of wishing I had it available instead of OpenVPN.

I'm not a Linux expert so if there's a better way to handle this
situation (such as checking for root instead of CAP_NET_ADMIN when
user_ns doesn't exist), let me know and I can try it and submit
a different patch.
Otherwise, it seems like this could be applied to both
wireguard-linux-compat and wireguard-linux for maximum system
compatibility going forward.

 src/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/netlink.c b/src/netlink.c
index ef239ab..688e41f 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -513,7 +513,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
 		struct net *net;
 		rcu_read_lock();
 		net = rcu_dereference(wg->creating_net);
-		ret = !net || !ns_capable(net->user_ns, CAP_NET_ADMIN) ? -EPERM : 0;
+		ret = !net || (net->user_ns && !ns_capable(net->user_ns, CAP_NET_ADMIN)) ? -EPERM : 0;
 		rcu_read_unlock();
 		if (ret)
 			goto out;
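Review bot: On the changed line, a NULL net->user_ns now short-circuits the whole capability test, so ret becomes 0 and the request proceeds with no CAP_NET_ADMIN check at all; the permission check fails open in exactly the case being patched. Rather than skipping the check, keep one that still enforces privilege, for example `net->user_ns ? ns_capable(net->user_ns, CAP_NET_ADMIN) : capable(CAP_NET_ADMIN)`, which matches the root-check alternative raised in the description. A short comment stating that the NULL case was seen on the 4.14.24 QNAP kernel would keep the special case from being read as a general rule.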
-- 
2.33.0


Thread overview: 4+ messages
2021-10-16 20:59 [PATCH] Fixed null pointer exception when user namespace is empty Aaron Avery
2021-10-17  0:52 ` Jason A. Donenfeld
2021-10-17 20:27   ` Aaron Avery
2021-10-18  1:04     ` David Kerr
