[wireguard] verify key length

This commit is contained in:
Nico Schottelius 2020-12-25 10:08:34 +01:00
parent a0fbe2d6ed
commit 663d72269a

View file

@ -38,17 +38,16 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
msg = _("Supplied key is not a valid wireguard public key")
"""
FIXME: verify that this does not create broken wireguard config files,
i.e. contains \n or similar!
We might even need to be more strict to not break wireguard...
Verify wireguard key.
See https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html
"""
try:
base64.standard_b64decode(value)
decoded_key = base64.standard_b64decode(value)
except Exception as e:
raise serializers.ValidationError(msg)
if '\n' in value:
if not len(decoded_key) == 32:
raise serializers.ValidationError(msg)
return value