author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:44:06 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:44:06 +0200 |
commit | 4eeccd2b59cc09a384f3534df61c9ad8cf0118b7 (patch) | |
tree | 76f164fd11705eb83f349d9ea0d1336aa7b1eaff /src/netlink.c | |
parent | compat: do not run bc on clean target (diff) | |
netlink: skip peers with invalid keys
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c
index eb94f4d..0805a26 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -413,10 +413,16 @@ static int set_peer(struct wg_device *wg, struct nlattr **attrs)
 }
 up_read(&wg->static_identity.lock);
- ret = -ENOMEM;
 peer = wg_peer_create(wg, public_key, preshared_key);
- if (!peer)
+ if (IS_ERR(peer)) {
+ /* Similar to the above, if the key is invalid, we skip
+ * it without fanfare, so that services don't need to
+ * worry about doing key validation themselves.
+ */
+ ret = PTR_ERR(peer) == -EKEYREJECTED ? 0 : PTR_ERR(peer);
+ peer = NULL;
 goto out;
+ }
 /* Take additional reference, as though we've just been
 * looked up.
 */ |
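Review bot: Replacing `if (!peer)` with `if (IS_ERR(peer))` is only safe if every failure path in wg_peer_create() now returns an ERR_PTR, because a NULL return would pass this check and reach the reference-taking code just below. That change is not visible here, since the diff is limited to src/netlink.c, so it should be confirmed against the callee. Mapping -EKEYREJECTED to `ret = 0` also means userspace is told the call succeeded although no peer was created, and the `goto out` presumably discards the remaining attributes for that peer. The comment could state that contract, e.g. `/* Callers must read the device back to learn which peers were actually added. */`. As a smaller point, `PTR_ERR(peer)` is evaluated twice, and `ret = PTR_ERR(peer); if (ret == -EKEYREJECTED) ret = 0;` reads more plainly. set_peer starts and ends outside the hunk, so the `out:` path that motivates `peer = NULL` cannot be checked from here.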