1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00

Merge pull request #21940 from yuwata/network-wireguard-mask-allowed-ips

network: wireguard: handle invalid AllowedIPs= gracefully
This commit is contained in:
Luca Boccassi 2021-12-30 21:18:05 +00:00 committed by GitHub
commit af73d8bd83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 2 deletions

View File

@ -686,6 +686,7 @@ int config_parse_wireguard_allowed_ips(
for (const char *p = rvalue;;) {
_cleanup_free_ char *word = NULL;
union in_addr_union masked;
r = extract_first_word(&p, &word, "," WHITESPACE, 0);
if (r == 0)
@ -705,13 +706,23 @@ int config_parse_wireguard_allowed_ips(
continue;
}
masked = addr;
assert_se(in_addr_mask(family, &masked, prefixlen) >= 0);
if (!in_addr_equal(family, &masked, &addr)) {
_cleanup_free_ char *buf = NULL;
(void) in_addr_prefix_to_string(family, &masked, prefixlen, &buf);
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Specified address '%s' is not properly masked, assuming '%s'.", word, strna(buf));
}
ipmask = new(WireguardIPmask, 1);
if (!ipmask)
return log_oom();
*ipmask = (WireguardIPmask) {
.family = family,
.ip = addr,
.ip = masked,
.cidr = prefixlen,
};

View File

@ -12,7 +12,7 @@ RouteMetric=456
[WireGuardPeer]
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.3/24
#Endpoint=wireguard.example.com:51820
Endpoint=192.168.27.3:51820
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=