From 2c9874ad1ab3b58d2f0e23137139c9ea07fa438c Mon Sep 17 00:00:00 2001 From: Riccardo Manfrin Date: Wed, 13 May 2026 15:23:25 +0200 Subject: [PATCH] Anticipates rp handler creation before generateConfig --- client/internal/rosenpass/manager.go | 27 +++++++++++++++++++- client/internal/rosenpass/manager_test.go | 31 +++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) diff --git a/client/internal/rosenpass/manager.go b/client/internal/rosenpass/manager.go index ed6d78128..f846540f7 100644 --- a/client/internal/rosenpass/manager.go +++ b/client/internal/rosenpass/manager.go @@ -60,7 +60,22 @@ func NewManager(preSharedKey *wgtypes.Key, wgIfaceName string) (*Manager, error) rpKeyHash := hashRosenpassKey(public) log.Tracef("generated new rosenpass key pair with public key %s", rpKeyHash) - return &Manager{ifaceName: wgIfaceName, rpKeyHash: rpKeyHash, spk: public, ssk: secret, preSharedKey: (*[32]byte)(preSharedKey), rpPeerIDs: make(map[string]*rp.PeerID), lock: sync.Mutex{}}, nil + return &Manager{ + ifaceName: wgIfaceName, + rpKeyHash: rpKeyHash, + spk: public, + ssk: secret, + preSharedKey: (*[32]byte)(preSharedKey), + rpPeerIDs: make(map[string]*rp.PeerID), + // rpWgHandler is created here (instead of only in generateConfig) so it + // is never nil between NewManager and Run(). Otherwise an early + // OnConnected call (race observed on Android, issue #4341) panics on + // nil receiver in addPeer -> m.rpWgHandler.AddPeer. generateConfig will + // replace it with a fresh handler on each Run() to clear stale peer + // state from previous engine sessions. + rpWgHandler: NewNetbirdHandler(), + lock: sync.Mutex{}, + }, nil } func (m *Manager) GetPubKey() []byte { @@ -74,6 +89,16 @@ func (m *Manager) GetAddress() *net.UDPAddr { // addPeer adds a new peer to the Rosenpass server func (m *Manager) addPeer(rosenpassPubKey []byte, rosenpassAddr string, wireGuardIP string, wireGuardPubKey string) error { + // Defense in depth against issue #4341 (Android crash): if Run() has not + // completed yet, m.server / m.rpWgHandler may be nil. Return an explicit + // error instead of panicking on nil-receiver dereference. + if m.server == nil { + return fmt.Errorf("rosenpass server not initialized") + } + if m.rpWgHandler == nil { + return fmt.Errorf("rosenpass wg handler not initialized") + } + var err error pcfg := rp.PeerConfig{PublicKey: rosenpassPubKey} if m.preSharedKey != nil { diff --git a/client/internal/rosenpass/manager_test.go b/client/internal/rosenpass/manager_test.go index c29b1ba2e..ace6f88da 100644 --- a/client/internal/rosenpass/manager_test.go +++ b/client/internal/rosenpass/manager_test.go @@ -229,6 +229,37 @@ func TestAddPeer_ServerError_Propagates(t *testing.T) { require.Error(t, err) } +// Regression guard for issue #4341 (Android crash). If Run() has not completed +// before OnConnected fires, m.rpWgHandler or m.server may be nil. Without the +// nil guards, m.rpWgHandler.AddPeer panics on nil receiver. +func TestAddPeer_NilHandler_ReturnsErrorNoCrash(t *testing.T) { + srv := &mockServer{} + m := newTestManager(0xFF, srv) + m.rpWgHandler = nil // simulate Run() not yet completed + + err := m.addPeer(make([]byte, 32), "rp:5000", "100.1.1.1", validWGKey(t, 1)) + require.Error(t, err) + require.Contains(t, err.Error(), "wg handler not initialized") +} + +func TestAddPeer_NilServer_ReturnsErrorNoCrash(t *testing.T) { + m := newTestManager(0xFF, nil) + m.server = nil // simulate Run() not yet completed + + err := m.addPeer(make([]byte, 32), "rp:5000", "100.1.1.1", validWGKey(t, 1)) + require.Error(t, err) + require.Contains(t, err.Error(), "server not initialized") +} + +// NewManager must pre-initialize rpWgHandler so the nil-receiver crash from +// issue #4341 cannot occur in the window between NewManager and Run(). +func TestNewManager_PreInitializesHandler(t *testing.T) { + psk := wgtypes.Key{} + m, err := NewManager(&psk, "wt0") + require.NoError(t, err) + require.NotNil(t, m.rpWgHandler, "rpWgHandler must be initialized in NewManager") +} + func TestAddPeer_RecordsPeerID(t *testing.T) { srv := &mockServer{} m := newTestManager(0xFF, srv)