From nobody Sun Nov 13 05:38:04 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N91SF0wcsz4d7NR;
	Sun, 13 Nov 2022 05:38:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4N91SD5K35z3JL5;
	Sun, 13 Nov 2022 05:38:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1668317884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=MnpSvb/t8DJFzcQCGlM76ljy/7xOLPpgmxqbD4CrFvk=;
	b=W7t6JmklI3Y34PPHeeNdLfNMStaxRx9Er7/TKoskrCt/ePg3Wk/qBZWSTon0dTLYyoMRjn
	gw49ef4j6cGGNU/Ay4k5VBPizWkS90825fil0oEHmOCLYiSOmHm2wLRcbhcZEC4g6T4qC6
	E5PPIt+r1E+nIiaGm33NO+Z91a3HMfmO77KacHdhVCH8aaIg6wDrmU0XcaP2FyvuBZwzXH
	7RNs2vnzpZlXMMcKZXKrKF18P7Iy2lsm/stL0/XGG1vW6kgEnLFRiG/GJlIYGf4opaDdP8
	R0ZPlbEqQ3k2Q+c53XRLQd+Key5k5BVDsZ9lQj0FidzLAtHBql7+pxbY1LvxOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1668317884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=MnpSvb/t8DJFzcQCGlM76ljy/7xOLPpgmxqbD4CrFvk=;
	b=BX5hrJCtL1yPDx92nwxL1VqF7VkKxjxSwEnOD5vRxiEGUGoJIFtSZg/xxM9P25HGgrX8Kr
	Q0DbPmHuIjsRmaOcjWd8SsUNFRzt4ixXd4/8BVlLU2ByLGZcLKnn+TBIXd83dVbIUKHQlw
	gTjHcDQed2WuqMyU68m7D1X2tkCbBI1M4ObBIPtCAMr3F4QuIJFuv2lguxvo/BE4RXubS0
	Q5bWleyRbKKnhby8iJtBgOh5SAi+1f6DroaIb8lpJAQmTlK8lZ1Yo4DlUf5BozBKvvPqLQ
	7J77S1PU4BmJkOiJMNf4zutr6wFg8dIX5tboy68BqMVE2hY99ovghG3oUnp4mQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668317884; a=rsa-sha256; cv=none;
	b=Fg11CIQEW8CF0uGRWhMPuii2TgEc1Gvy6/5G8tptiFFjAZNwpJvMAUeRS9ZQFpYuQNvi0X
	X1C0KJKjYgn+8Eoit0II3Eq6tFIZD7Ry3cwifynwxcT7YbQxc/vGpWa08JMdYu9xcTjlR6
	DduE5DSGwall5fI5YeGX1QIS/MUu79wd+fvHXpYY0ShhLlgUoI8Kg+HwRwmjJeTprkEICY
	Hp9DsTUYQ/0LJ0y591CnXx+UNVVxS6vZPNd41rI9HALBu1/nBOg/iZYLLrcGVDOdSpltRD
	lJqJNxPK9lR/i/vHmfsP4sPc9Muypr6KiG0OOfLAyK5JKy1qwKLOywTtnRQV7g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N91SD4DsjzrRt;
	Sun, 13 Nov 2022 05:38:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AD5c4Po096567;
	Sun, 13 Nov 2022 05:38:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AD5c43c096566;
	Sun, 13 Nov 2022 05:38:04 GMT
	(envelope-from git)
Date: Sun, 13 Nov 2022 05:38:04 GMT
Message-Id: <202211130538.2AD5c43c096566@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kyle Evans <kevans@FreeBSD.org>
Subject: git: 08c0976fdce9 - stable/13 - Merge commit '93bf91b4012a28610672d2266366dfa0a663b70f' into HEAD
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 08c0976fdce9f0fadb816c3506b5ed1b4dfc0ed1
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=08c0976fdce9f0fadb816c3506b5ed1b4dfc0ed1

commit 08c0976fdce9f0fadb816c3506b5ed1b4dfc0ed1
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2022-11-05 03:46:21 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2022-11-13 05:37:05 +0000

    Merge commit '93bf91b4012a28610672d2266366dfa0a663b70f' into HEAD
    
    This fixes a warning in wireguard-tools, as well as two issues pointed out by
    FreeBSD's Coverity instance.
    
    CID:            1500405, 1500421
    (cherry picked from commit 2cb43631ab122ee0b2a3a101003b73415a9bf963)
---
 contrib/wireguard-tools/.gitignore    |  5 +++++
 contrib/wireguard-tools/ipc-freebsd.h | 22 ++++++++++++++++------
 contrib/wireguard-tools/show.c        |  2 +-
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/contrib/wireguard-tools/.gitignore b/contrib/wireguard-tools/.gitignore
index 4343ea95a0a2..12b1f78af874 100644
--- a/contrib/wireguard-tools/.gitignore
+++ b/contrib/wireguard-tools/.gitignore
@@ -14,3 +14,8 @@ ipc-linux.h
 ipc-openbsd.h
 man/wg-quick.8
 systemd/
+
+# Build artifacts
+wg
+*.d
+*.o
diff --git a/contrib/wireguard-tools/ipc-freebsd.h b/contrib/wireguard-tools/ipc-freebsd.h
index b5be15b82140..fa74edda5a3d 100644
--- a/contrib/wireguard-tools/ipc-freebsd.h
+++ b/contrib/wireguard-tools/ipc-freebsd.h
@@ -4,6 +4,7 @@
  *
  */
 
+#include <assert.h>
 #include <sys/nv.h>
 #include <sys/sockio.h>
 #include <dev/wg/if_wg.h>
@@ -118,7 +119,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 		goto skip_peers;
 	for (i = 0; i < peer_count; ++i) {
 		struct wgpeer *peer;
-		struct wgallowedip *aip;
+		struct wgallowedip *aip = NULL;
 		const nvlist_t *const *nvl_aips;
 		size_t aip_count, j;
 
@@ -169,11 +170,13 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 		if (!aip_count || !nvl_aips)
 			goto skip_allowed_ips;
 		for (j = 0; j < aip_count; ++j) {
+			if (!nvlist_exists_number(nvl_aips[j], "cidr"))
+				continue;
+			if (!nvlist_exists_binary(nvl_aips[j], "ipv4") && !nvlist_exists_binary(nvl_aips[j], "ipv6"))
+				continue;
 			aip = calloc(1, sizeof(*aip));
 			if (!aip)
 				goto err_allowed_ips;
-			if (!nvlist_exists_number(nvl_aips[j], "cidr"))
-				continue;
 			number = nvlist_get_number(nvl_aips[j], "cidr");
 			if (nvlist_exists_binary(nvl_aips[j], "ipv4")) {
 				binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size);
@@ -184,7 +187,8 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 				aip->family = AF_INET;
 				aip->cidr = number;
 				memcpy(&aip->ip4, binary, sizeof(aip->ip4));
-			} else if (nvlist_exists_binary(nvl_aips[j], "ipv6")) {
+			} else {
+				assert(nvlist_exists_binary(nvl_aips[j], "ipv6"));
 				binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size);
 				if (!binary || number > 128) {
 					ret = EINVAL;
@@ -193,14 +197,14 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 				aip->family = AF_INET6;
 				aip->cidr = number;
 				memcpy(&aip->ip6, binary, sizeof(aip->ip6));
-			} else
-				continue;
+			}
 
 			if (!peer->first_allowedip)
 				peer->first_allowedip = aip;
 			else
 				peer->last_allowedip->next_allowedip = aip;
 			peer->last_allowedip = aip;
+			aip = NULL;
 			continue;
 
 		err_allowed_ips:
@@ -209,6 +213,9 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 			free(aip);
 			goto err_peer;
 		}
+
+		/* Nothing leaked, hopefully -- ownership transferred or aip freed. */
+		assert(aip == NULL);
 	skip_allowed_ips:
 		if (!dev->first_peer)
 			dev->first_peer = peer;
@@ -322,6 +329,7 @@ static int kernel_set_device(struct wgdevice *dev)
 			nvlist_destroy(nvl_aips[j]);
 		free(nvl_aips);
 		nvlist_destroy(nvl_peers[i]);
+		nvl_peers[i] = NULL;
 		goto err;
 	}
 	if (i) {
@@ -329,9 +337,11 @@ static int kernel_set_device(struct wgdevice *dev)
 		for (i = 0; i < peer_count; ++i)
 			nvlist_destroy(nvl_peers[i]);
 		free(nvl_peers);
+		nvl_peers = NULL;
 	}
 	wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size);
 	nvlist_destroy(nvl_device);
+	nvl_device = NULL;
 	if (!wgd.wgd_data)
 		goto err;
 	s = get_dgram_socket();
diff --git a/contrib/wireguard-tools/show.c b/contrib/wireguard-tools/show.c
index a61a06ef0646..3fd3d9e2a151 100644
--- a/contrib/wireguard-tools/show.c
+++ b/contrib/wireguard-tools/show.c
@@ -27,7 +27,7 @@
 static int peer_cmp(const void *first, const void *second)
 {
 	time_t diff;
-	const struct wgpeer *a = *(const void **)first, *b = *(const void **)second;
+	const struct wgpeer *a = *(void *const *)first, *b = *(void *const *)second;
 
 	if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec))
 		return 1;