From 663d72269ab0169b1ac92da09a81e647fe579573 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 25 Dec 2020 10:08:34 +0100
Subject: [PATCH] [wireguard] verify key length
---
 uncloud_net/serializers.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/uncloud_net/serializers.py b/uncloud_net/serializers.py
index fc87c71..09baa59 100644
--- a/uncloud_net/serializers.py
+++ b/uncloud_net/serializers.py
@@ -38,17 +38,16 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
 msg = _("Supplied key is not a valid wireguard public key")
 """
- FIXME: verify that this does not create broken wireguard config files,
- i.e. contains \n or similar!
- We might even need to be more strict to not break wireguard...
+ Verify wireguard key.
+ See https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html
 """
 try:
- base64.standard_b64decode(value)
+ decoded_key = base64.standard_b64decode(value)
 except Exception as e:
 raise serializers.ValidationError(msg)
- if '\n' in value:
+ if not len(decoded_key) == 32:
 raise serializers.ValidationError(msg)
 return value
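Review bot: The new length check on `decoded_key` no longer rejects keys that carry characters outside the base64 alphabet, which the removed `'\n' in value` test at least partly covered. `base64.standard_b64decode(value)` does not validate its input and discards such characters instead of raising, so a string with an embedded newline can still decode to 32 bytes, and the method then returns the original `value` rather than the decoded key. Decoding strictly with `decoded_key = base64.b64decode(value, validate=True)` keeps the earlier goal of not producing broken wireguard config files, and the comparison reads more plainly as `if len(decoded_key) != 32:`. The validator method starts above the hunk, so how `value` is used afterwards is not visible here.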