Page MenuHomeVyOS Platform

Wireguard allows invalid IP's
Closed, ResolvedPublicBUG

Description

Just noticed that wireguard allows you to use invalid ip's on interface address, peer endpoints and allowed-ips.

Steps to reproduce

set interfaces wireguard wg100 address 1.1.1/24
set interfaces wireguard wg100 peer bug pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
set interfaces wireguard wg100 peer bug allowed-ips 1.1.2/32
set interfaces wireguard wg100 peer bug endpoint 1.1.1:5555
commit

returns

Unable to parse IP address: `1.1.2'

If you then show the interface for wireguard you get this output.

[email protected]# show interfaces wireguard wg100
 address 1.1.1/24
 peer bug {
     allowed-ips 1.1.2/32
     endpoint 1.1.1:5555
     pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ=
 }

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Revisions and Commits

Event Timeline

hagbard changed the task status from Open to In progress.Feb 9 2019, 10:20 PM
hagbard triaged this task as Normal priority.
hagbard closed this task as Resolved by committing Restricted Diffusion Commit.Feb 9 2019, 10:53 PM
hagbard added a commit: Restricted Diffusion Commit.
dmbaturin added a commit: Restricted Diffusion Commit.Feb 28 2019, 2:10 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
dmbaturin set Issue type to Unspecified (please specify).