network/wireguard: refuse default key if all zero

author Mike Yuan <me@yhndnzj.com>

Wed, 11 Sep 2024 19:49:00 +0000 (21:49 +0200)

committer Lennart Poettering <lennart@poettering.net>

Thu, 12 Sep 2024 07:25:50 +0000 (09:25 +0200)
author Mike Yuan <me@yhndnzj.com>
Wed, 11 Sep 2024 19:49:00 +0000 (21:49 +0200)
committer Lennart Poettering <lennart@poettering.net>
Thu, 12 Sep 2024 07:25:50 +0000 (09:25 +0200)
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c

index f4b7045151adb094eda2ee2974f89d02ed529fec..9715cf4034c3892152cebcc88d4e50cfa2b2f085 100644 (file)
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -1175,7 +1175,7 @@ static int wireguard_read_default_key_cred(NetDev *netdev, const char *filename)
                                                "%s: No private key specified and default key cannot be parsed, "
                                                "ignoring network device: %m",
                                                filename);
-        if (len != WG_KEY_LEN)
+        if (len != WG_KEY_LEN || memeqzero(key, len))
                  return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
                                                "%s: No private key specified and default key is invalid. "
                                                "Ignoring network device.",
author	Mike Yuan <me@yhndnzj.com>
	Wed, 11 Sep 2024 19:49:00 +0000 (21:49 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 12 Sep 2024 07:25:50 +0000 (09:25 +0200)