Page MenuHomeVyOS Platform
Create Task
Maniphest T1238

Wireguard allows invalid IP's
Closed, ResolvedPublicBUG
Actions

Description

Just noticed that wireguard allows you to use invalid ip's on interface address, peer endpoints and allowed-ips.

Steps to reproduce

set interfaces wireguard wg100 address 1.1.1/24
set interfaces wireguard wg100 peer bug pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
set interfaces wireguard wg100 peer bug allowed-ips 1.1.2/32
set interfaces wireguard wg100 peer bug endpoint 1.1.1:5555
commit

returns

Unable to parse IP address: `1.1.2'

If you then show the interface for wireguard you get this output.

vyos@R1# show interfaces wireguard wg100
 address 1.1.1/24
 peer bug {
     allowed-ips 1.1.2/32
     endpoint 1.1.1:5555
     pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
 }

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Revisions and Commits

Restricted Diffusion Commit
Restricted Diffusion Commit

Event Timeline

Raeven created this task.Feb 9 2019, 10:27 AM
hagbard claimed this task.Feb 9 2019, 11:50 AM
hagbard changed the task status from Open to In progress.Feb 9 2019, 10:20 PM
hagbard triaged this task as Normal priority.
hagbard closed this task as Resolved by committing Restricted Diffusion Commit.Feb 9 2019, 10:53 PM
hagbard added a commit: Restricted Diffusion Commit.
dmbaturin added a commit: Restricted Diffusion Commit.Feb 28 2019, 2:10 PM
syncer edited projects, added VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.0-GA); removed VyOS 1.2 Crux.Aug 31 2019, 3:11 AM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-GA) board.
dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.Sep 11 2021, 1:52 AM
dmbaturin removed a project: VyOS 1.3 Equuleus (1.3.0-epa1).Sep 29 2021, 1:37 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
dmbaturin set Issue type to Unspecified (please specify).