Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

Author : usitvhd
Publish Date : 2021-03-26 16:59:29



40,000 lines of flawed code almost made it into FreeBSD's kernel—we examine how.

At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, part of what most people think of as a "VPN." FreeBSD is a Unix-like operating system that powers everything from Cisco and Juniper routers to Netflix's network stack, and Macy had plenty of experience on its dev team, including work on multiple network drivers.

So when Jim Thompson, the CEO of Netgate, which makes FreeBSD-powered routers, decided it was time for FreeBSD to enjoy the same level of in-kernel WireGuard support that Linux does, he reached out to offer Macy a contract. Macy would port WireGuard into the FreeBSD kernel, where Netgate could then use it in the company's popular pfSense router distribution. The contract was offered without deadlines or milestones; Macy was simply to get the job done on his own schedule.

With Macy's level of experience—with kernel coding and network stacks in particular—the project looked like a slam dunk. But things went awry almost immediately. WireGuard founding developer Jason Donenfeld didn't hear about the project until it surfaced on a FreeBSD mailing list, and Macy didn't seem interested in Donenfeld's assistance when offered. After roughly nine months of part-time development, Macy committed his port—largely unreviewed and inadequately tested—directly into the HEAD section of FreeBSD's code repository, where it was scheduled for incorporation into FreeBSD 13.0-RELEASE.

This unexpected commit raised the stakes for Donenfeld, whose project would ultimately be judged on the quality of any production release under the WireGuard name. Donenfeld identified numerous problems with Macy's code, but rather than object to the port's release, Donenfeld decided to fix the issues. He collaborated with FreeBSD developer Kyle Evans and with Matt Dunwoodie, an OpenBSD developer who had worked on WireGuard for that operating system. The three replaced almost all of Macy's code in a mad week-long sprint.

This went over very poorly with Netgate, which sponsored Macy's work. Netgate had already taken Macy's beta code from a FreeBSD 13 release candidate and placed it into production in pfSense's 2.5.0 release. The forklift upgrade performed by Donenfeld and collaborators—along with Donenfeld's sharp characterization of Macy's code—presented the company with a serious PR problem.

Netgate's public response included accusations of "irrational bias against mmacy and Netgate" and irresponsible disclosure of "a number of zero-day exploits"—despite Netgate's near-simultaneous declaration that no actual vulnerabilities existed.

This combative response from Netgate drew increased scrutiny from many sources, which uncovered surprising elements of Macy's own past. He and his wife Nicole had been arrested in 2008 after two years spent attempting to illegally evict tenants from a small San Francisco apartment building the pair had bought.

The Macys' attempts to force their tenants out included sawing through floor support joists to make the building unfit for human habitation, sawing holes directly through the floors of tenants' apartments, and forging extremely threatening emails appearing to be from the tenants themselves. The couple fled to Italy to avoid prosecution but were eventually extradited back to the US—where they pled guilty to a reduced set of felonies and served four years and four months each.

Macy's history as a landlord, unsurprisingly, dogged him professionally—which contributed to his own lack of attention to the doomed WireGuard port.

"I didn't even want to do this work," Macy eventually told us. "I was burned out, spent many months with post-COVID syndrome... I'd suffered through years of verbal abuse from non-doers and semi-non-doers in the project whose one big one up on me is that they aren't felons. I jumped at the opportunity to leave the project in December... I just felt a moral obligation to get [the WireGuard port] over the finish line. So you'll have to forgive me if my final efforts were a bit half-hearted."




Category : general
