Simon Law
3ee4c60ff0
cmd/derper: fix mesh auth for DERP servers ( #16061 )
To authenticate mesh keys, the DERP servers used a simple == comparison,
which is susceptible to a side channel timing attack.
By extracting the mesh key for a DERP server, an attacker could DoS it
by forcing disconnects using derp.Client.ClosePeer. They could also
enumerate the public WireGuard keys, IP addresses and ports for nodes
connected to that DERP server.
DERP servers configured without mesh keys deny all such requests.
This patch also extracts the mesh key logic into key.DERPMesh, to
prevent this from happening again.
Security bulletin: https://tailscale.com/security-bulletins#ts-2025-003
Fixes tailscale/corp#28720
Signed-off-by: Simon Law <sfllaw@tailscale.com>
11 months ago
..
appctype
appc,ipn/ipnlocal,types/appctype: implement control provided routes
2 years ago
bools
types/bools: fix doc typo ( #15021 )
1 year ago
dnstype
cmd/viewer,all: consistently use "read-only" instead of "readonly"
1 year ago
empty
all: update copyright and license headers
3 years ago
flagtype
all: update copyright and license headers
3 years ago
iox
types/iox: add function types for Reader and Writer ( #14366 )
1 year ago
ipproto
all: use Go 1.22 range-over-int
2 years ago
jsonx
types/jsonx: add package for json/v2 helpers ( #15756 )
12 months ago
key
cmd/derper: fix mesh auth for DERP servers ( #16061 )
11 months ago
lazy
all: unify some redundant testing.TB interface copies
1 year ago
logger
types/logger: release ArgWriter destination after use
12 months ago
logid
types/logid: add Add method ( #12478 )
2 years ago
mapx
types/mapx, ipn/ipnext: add ordered map, akin to set.Slice
12 months ago
netlogtype
all: update copyright and license headers
3 years ago
netmap
control/controlclient,health,tailcfg: refactor control health messages ( #15839 )
11 months ago
nettype
wgengine/magicsock, types/nettype, etc: finish ReadFromUDPAddrPort netip migration
3 years ago
opt
all: statically enforce json/v2 interface satisfaction ( #15154 )
1 year ago
persist
types/persist: remove Persist.LegacyFrontendPrivateMachineKey
1 year ago
prefs
all: statically enforce json/v2 interface satisfaction ( #15154 )
1 year ago
preftype
cmd/tailscaled,*: add start of configuration file support
3 years ago
ptr
all: update copyright and license headers
3 years ago
result
types/result, util/lineiter: add package for a result type, use it
1 year ago
structs
all: update copyright and license headers
3 years ago
tkatype
types/tkatype: add test for MarshaledSignature's JSON format
3 years ago
views
types/views: make SliceEqualAnyOrder also do short slice optimization
1 year ago