wireguard: socket: ignore v6 endpoints when ipv6 is disabled

BugLink: https://bugs.launchpad.net/bugs/1969110
commit 77fc73ac89be96ec8f39e8efa53885caa7cb3645 upstream.

The previous commit fixed a memory leak on the send path in the event
that IPv6 is disabled at compile time, but how did a packet even arrive
there to begin with? It turns out we have previously allowed IPv6
endpoints even when IPv6 support is disabled at compile time. This is
awkward and inconsistent. Instead, let's just ignore all things IPv6,
the same way we do other malformed endpoints, in the case where IPv6 is
disabled.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9af42a4f6d81b96b123f3ec22a4dcb906c6d00e7)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c
index 467eef0e563bf7f94dad01535d035af985da798e..0414d7a6ce74141cd2ca365bfd1da727691e27ec 100644 (file)
--- a/drivers/net/wireguard/socket.c
+++ b/drivers/net/wireguard/socket.c
@@ -242,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct endpoint *endpoint,
                endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
                endpoint->src4.s_addr = ip_hdr(skb)->daddr;
                endpoint->src_if4 = skb->skb_iif;
-       } else if (skb->protocol == htons(ETH_P_IPV6)) {
+       } else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) {
                endpoint->addr6.sin6_family = AF_INET6;
                endpoint->addr6.sin6_port = udp_hdr(skb)->source;
                endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr;
@@ -285,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct wg_peer *peer,
                peer->endpoint.addr4 = endpoint->addr4;
                peer->endpoint.src4 = endpoint->src4;
                peer->endpoint.src_if4 = endpoint->src_if4;
-       } else if (endpoint->addr.sa_family == AF_INET6) {
+       } else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) {
                peer->endpoint.addr6 = endpoint->addr6;
                peer->endpoint.src6 = endpoint->src6;
        } else {