forked from uncloud/uncloud
[wireguard] verify key length
This commit is contained in:
parent
a0fbe2d6ed
commit
663d72269a
1 changed files with 4 additions and 5 deletions
|
@ -38,17 +38,16 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
|
||||||
msg = _("Supplied key is not a valid wireguard public key")
|
msg = _("Supplied key is not a valid wireguard public key")
|
||||||
|
|
||||||
"""
|
"""
|
||||||
FIXME: verify that this does not create broken wireguard config files,
|
Verify wireguard key.
|
||||||
i.e. contains \n or similar!
|
See https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html
|
||||||
We might even need to be more strict to not break wireguard...
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
base64.standard_b64decode(value)
|
decoded_key = base64.standard_b64decode(value)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
raise serializers.ValidationError(msg)
|
raise serializers.ValidationError(msg)
|
||||||
|
|
||||||
if '\n' in value:
|
if not len(decoded_key) == 32:
|
||||||
raise serializers.ValidationError(msg)
|
raise serializers.ValidationError(msg)
|
||||||
|
|
||||||
return value
|
return value
|
||||||
|
|
Loading…
Reference in a new issue