From 0cf51b17e97c93e988c52cc3462061e085facc3c Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 25 Apr 2024 18:48:22 +0200
Subject: [PATCH] wireguard.cgi: Ensure that AllowedIPs are in CIDR format

Signed-off-by: Michael Tremer
---
 html/cgi-bin/wireguard.cgi | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
index 45363c0d4..8f5cababe 100644
--- a/html/cgi-bin/wireguard.cgi
+++ b/html/cgi-bin/wireguard.cgi
@@ -1170,6 +1170,19 @@ sub pool_is_in_use($) {
 sub generate_client_configuration($) {
 my $peer = shift;
 
+ my @allowed_ips = ();
+
+ # Convert all subnets into CIDR notation
+ foreach my $subnet ($peer->{'LOCAL_SUBNETS'}) {
+ my $netaddress = &Network::get_netaddress($subnet);
+ my $prefix = &Network::get_prefix($subnet);
+
+ # Skip invalid subnets
+ next if (!defined $netaddress || !defined $prefix);
+
+ push(@allowed_ips, "${netaddress}/${prefix}");
+ }
+
 my @conf = (
 "[Interface]",
 "PrivateKey = $peer->{'PRIVATE_KEY'}",
@@ -1180,7 +1193,7 @@ sub generate_client_configuration($) {
 "Endpoint = $General::main{'HOSTNAME'}.$General::main{'DOMAINNAME'}",
 "PublicKey = $settings{'PUBLIC_KEY'}",
 "PresharedKey = $peer->{'PSK'}",
- "AllowedIPs = $peer->{'LOCAL_SUBNETS'}",
+ "AllowedIPs = " . join(", ", @allowed_ips),
 "PersistentKeepalive = $DEFAULT_KEEPALIVE",
 );
 
-- 
2.39.5
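Review bot: The new `foreach` in generate_client_configuration lists `$peer->{'LOCAL_SUBNETS'}` as a single scalar, so the loop body runs exactly once whatever that value holds. The line this commit replaces interpolated the same value straight into the config, which suggests it is either one comma-separated string or an array reference; in both cases `Network::get_netaddress` would be handed something that is not a single subnet and the `next` would most likely skip it. If it is an array reference the loop should read `foreach my $subnet (@{ $peer->{'LOCAL_SUBNETS'} }) {`, and if it is a string it needs a `split(/\s*,\s*/, ...)` first; this should be confirmed against the code that loads the peer, which is not in the hunk. The function's body continues past the end of the hunk.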
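Review bot: `join(", ", @allowed_ips)` emits a bare `AllowedIPs = ` line when every subnet was dropped by the `next` in the first hunk, and nothing records that this happened. AllowedIPs decides which destinations the client sends into the tunnel, so a generated file with an empty list should be treated as an error rather than handed to the user. I would at least add a comment at the `next`, for example `# NOTE: a peer whose subnets are all invalid ends up with an empty AllowedIPs`, and check `unless (@allowed_ips)` before building `@conf` so the caller can show a message. How callers handle a failed generation is not visible here.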