diff options
| -rw-r--r-- | talpid-core/src/tunnel/wireguard/wireguard_nt.rs | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/talpid-core/src/tunnel/wireguard/wireguard_nt.rs b/talpid-core/src/tunnel/wireguard/wireguard_nt.rs index e2b386b1ed..1302ea3e9e 100644 --- a/talpid-core/src/tunnel/wireguard/wireguard_nt.rs +++ b/talpid-core/src/tunnel/wireguard/wireguard_nt.rs @@ -922,16 +922,30 @@ unsafe fn deserialize_config( let peer: WgPeer = *(peer_data.as_ptr() as *const WgPeer); tail = new_tail; + if let Err(error) = windows::try_socketaddr_from_inet_sockaddr(peer.endpoint.addr) { + log::error!( + "{}", + error.display_chain_with_msg("Received invalid endpoint address") + ); + return Err(Error::InvalidConfigData); + } + let mut allowed_ips = vec![]; for _ in 0..peer.allowed_ips_count { let (allowed_ip_data, new_tail) = tail.split_at(mem::size_of::<WgAllowedIp>()); let allowed_ip: WgAllowedIp = *(allowed_ip_data.as_ptr() as *const WgAllowedIp); - WgAllowedIp::validate( + if let Err(error) = WgAllowedIp::validate( &allowed_ip.address, allowed_ip.address_family, allowed_ip.cidr, - )?; + ) { + log::error!( + "{}", + error.display_chain_with_msg("Received invalid allowed IP") + ); + return Err(Error::InvalidConfigData); + } tail = new_tail; allowed_ips.push(allowed_ip); } |