wg_input: avoid leaking due to an m_defrag failure

m_defrag() will not free the chain on failure, leaking the mbuf. Obtained from: OpenBSD MFC after: 3 days

wg_input: avoid leaking due to an m_defrag failure
m_defrag() will not free the chain on failure, leaking the mbuf. Obtained from: OpenBSD MFC after: 3 days
df554850 · Kyle Evans · d9a50109 · df554850
Commit df554850 authored Mar 07, 2021 by Kyle Evans
--- a/sys/dev/if_wg/module/if_wg_session.c
+++ b/sys/dev/if_wg/module/if_wg_session.c
@@ -1905,7 +1905,13 @@ wg_input(struct mbuf *m0, int offset, struct inpcb *inpcb,

 	m_adj(m0, hlen);

-	if ((m = m_defrag(m0, M_NOWAIT)) == NULL) {
+	/*
+	 * Ensure mbuf is contiguous over full length of the packet.  This is
+	 * done so that we can directly read the handshake values in
+	 * wg_handshake, and so we can decrypt a transport packet by passing a
+	 * a single buffer to noise_remote_decrypt() in wg_decap.
+	 */
+	if ((m = m_pullup(m0, m0->m_pkthdr.len)) == NULL) {
 		DPRINTF(sc, "DEFRAG fail\n");
 		return;
 	}