Page MenuHomePhabricator

Wireguard allows invalid IP's
Closed, ResolvedPublicBUG

Description

Just noticed that wireguard allows you to use invalid ip's on interface address, peer endpoints and allowed-ips.

Steps to reproduce

set interfaces wireguard wg100 address 1.1.1/24
set interfaces wireguard wg100 peer bug pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
set interfaces wireguard wg100 peer bug allowed-ips 1.1.2/32
set interfaces wireguard wg100 peer bug endpoint 1.1.1:5555
commit

returns

Unable to parse IP address: `1.1.2'

If you then show the interface for wireguard you get this output.

vyos@R1# show interfaces wireguard wg100
 address 1.1.1/24
 peer bug {
     allowed-ips 1.1.2/32
     endpoint 1.1.1:5555
     pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
 }

Details

Commits
Restricted Diffusion Commit
Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.0
Why the issue appeared?
Will be filled on close
Raeven created this task.Sat, Feb 9, 10:27 AM
hagbard claimed this task.Sat, Feb 9, 11:50 AM
hagbard changed the task status from Open to In progress.Sat, Feb 9, 10:20 PM
hagbard triaged this task as Normal priority.
hagbard closed this task as Resolved by committing Restricted Diffusion Commit.Sat, Feb 9, 10:53 PM
hagbard added a commit: Restricted Diffusion Commit.