[wireguard] verify key length

2020-12-25 10:08:34 +01:00 · 2020-12-25 10:08:34 +01:00 · 663d72269a
commit 663d72269a
parent a0fbe2d6ed
1 changed files with 4 additions and 5 deletions
--- a/uncloud_net/serializers.py
+++ b/uncloud_net/serializers.py
@ -38,17 +38,16 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
        msg = _("Supplied key is not a valid wireguard public key")

        """
-        FIXME: verify that this does not create broken wireguard config files,
-        i.e. contains \n or similar!
-        We might even need to be more strict to not break wireguard...
+        Verify wireguard key.
+        See https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html
        """

        try:
-            base64.standard_b64decode(value)
+            decoded_key = base64.standard_b64decode(value)
        except Exception as e:
            raise serializers.ValidationError(msg)

-        if '\n' in value:
+        if not len(decoded_key) == 32:
            raise serializers.ValidationError(msg)

        return value