diff options
| author | David Lönnhager <david.l@mullvad.net> | 2020-12-17 13:43:22 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-12-17 13:43:22 +0100 |
| commit | c99654d4a7623f215484974cffac81fc1284e7ba (patch) | |
| tree | d6994f859f3b674b1f326cb28e654626c0186f6e | |
| parent | f6b54d185d9873394853713f15549dad921dc99d (diff) | |
| parent | 4b4f62cbad16c7eb3a8049553b5f2f3c845c109b (diff) | |
| download | mullvadvpn-c99654d4a7623f215484974cffac81fc1284e7ba.tar.xz mullvadvpn-c99654d4a7623f215484974cffac81fc1284e7ba.zip | |
Merge branch 'fix-tunnel-metadata'
| -rw-r--r-- | CHANGELOG.md | 6 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/mod.rs | 5 | ||||
| -rw-r--r-- | windows/winnet/src/winnet/routing/helpers.cpp | 3 |
3 files changed, 12 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ed29c92eb2..4bced6ecfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,12 @@ Line wrap the file at 100 chars. Th #### Linux - Improved compatiblitiy with newer versions of systemd-resolved. +### Security +#### Linux +- Prevent the private tunnel IPv6 address from being detectable on a local network when using + OpenVPN by correctly applying the fix for + [CVE-2019-14899](https://seclists.org/oss-sec/2019/q4/122). + ## [2020.8-beta2] - 2020-12-11 This release is for desktop only. diff --git a/talpid-core/src/tunnel/mod.rs b/talpid-core/src/tunnel/mod.rs index b2a8292bf2..6ea8393a77 100644 --- a/talpid-core/src/tunnel/mod.rs +++ b/talpid-core/src/tunnel/mod.rs @@ -107,11 +107,14 @@ impl TunnelEvent { .get("dev") .expect("No \"dev\" in tunnel up event") .to_owned(); - let ips = vec![env + let mut ips = vec![env .get("ifconfig_local") .expect("No \"ifconfig_local\" in tunnel up event") .parse() .expect("Tunnel IP not in valid format")]; + if let Some(ipv6_address) = env.get("ifconfig_ipv6_local") { + ips.push(ipv6_address.parse().expect("Tunnel IP not in valid format")); + } let ipv4_gateway = env .get("route_vpn_gateway") .expect("No \"route_vpn_gateway\" in tunnel up event") diff --git a/windows/winnet/src/winnet/routing/helpers.cpp b/windows/winnet/src/winnet/routing/helpers.cpp index 20b1f942c4..4a85fda1fb 100644 --- a/windows/winnet/src/winnet/routing/helpers.cpp +++ b/windows/winnet/src/winnet/routing/helpers.cpp @@ -12,7 +12,8 @@ namespace // Interface description substrings found for virtual adapters. const wchar_t *TUNNEL_INTERFACE_DESCS[] = { L"WireGuard", - L"TAP Adapter" + L"Wintun", + L"Tunnel" }; bool IsRouteOnPhysicalInterface(const MIB_IPFORWARD_ROW2 &route) |