Page MenuHomePhabricator

Wireguard allows invalid IP's
Closed, ResolvedPublicBUG

Description

Just noticed that wireguard allows you to use invalid ip's on interface address, peer endpoints and allowed-ips.

Steps to reproduce

set interfaces wireguard wg100 address 1.1.1/24
set interfaces wireguard wg100 peer bug pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
set interfaces wireguard wg100 peer bug allowed-ips 1.1.2/32
set interfaces wireguard wg100 peer bug endpoint 1.1.1:5555
commit

returns

Unable to parse IP address: `1.1.2'

If you then show the interface for wireguard you get this output.

vyos@R1# show interfaces wireguard wg100
 address 1.1.1/24
 peer bug {
     allowed-ips 1.1.2/32
     endpoint 1.1.1:5555
     pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
 }

Details

Commits
Restricted Diffusion Commit
Restricted Diffusion Commit
Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.0
Why the issue appeared?
Will be filled on close

Event Timeline

Raeven created this task.Feb 9 2019, 10:27 AM
hagbard claimed this task.Feb 9 2019, 11:50 AM
hagbard changed the task status from Open to In progress.Feb 9 2019, 10:20 PM
hagbard triaged this task as Normal priority.
hagbard closed this task as Resolved by committing Restricted Diffusion Commit.Feb 9 2019, 10:53 PM
hagbard added a commit: Restricted Diffusion Commit.
dmbaturin added a commit: Restricted Diffusion Commit.Feb 28 2019, 2:10 PM