From 6901984f6aa6de37a7b3979134f8b29c81735861 Mon Sep 17 00:00:00 2001
From: Jordan Whited <jordan@tailscale.com>
Date: Thu, 9 Mar 2023 10:46:12 -0800
Subject: conn: ensure control message size is respected in StdNetBind

This commit re-slices received control messages in StdNetBind to the
value the OS reports on a successful read. Previously, the len of this
slice would always be srcControlSize, which could result in control
message values leaking through a sync.Pool round trip. This is
unlikely with the IP_PKTINFO socket option set successfully, but
should be guarded against.

Reviewed-by: James Tucker <james@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 conn/bind_std.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conn/bind_std.go b/conn/bind_std.go
index a842b12..0266d6b 100644
--- a/conn/bind_std.go
+++ b/conn/bind_std.go
@@ -229,7 +229,7 @@ func (s *StdNetBind) makeReceiveIPv4(pc *ipv4.PacketConn, conn *net.UDPConn) Rec
 			sizes[i] = msg.N
 			addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
 			ep := asEndpoint(addrPort)
-			getSrcFromControl(msg.OOB, ep)
+			getSrcFromControl(msg.OOB[:msg.NN], ep)
 			eps[i] = ep
 		}
 		return numMsgs, nil
@@ -262,7 +262,7 @@ func (s *StdNetBind) makeReceiveIPv6(pc *ipv6.PacketConn, conn *net.UDPConn) Rec
 			sizes[i] = msg.N
 			addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
 			ep := asEndpoint(addrPort)
-			getSrcFromControl(msg.OOB, ep)
+			getSrcFromControl(msg.OOB[:msg.NN], ep)
 			eps[i] = ep
 		}
 		return numMsgs, nil
-- 
cgit v1.2.3-54-g00ecf