wg: remove key for any empty file

Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/src/config.c b/src/config.c
index e6db6ad475f3d32c97d2716bd9afa8e12bade440..da19cc32c642c735fe6b042e67410b5a49e52d9a 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -390,7 +390,6 @@ static int read_line(char **dst, const char *path)
 {
        FILE *f;
        size_t n = 0;
-       struct stat stat;
 
        *dst = NULL;
 
@@ -399,22 +398,15 @@ static int read_line(char **dst, const char *path)
                perror("fopen");
                return -1;
        }
-       if (fstat(fileno(f), &stat) < 0) {
-               perror("fstat");
-               fclose(f);
-               return -1;
-       }
-       if (S_ISCHR(stat.st_mode) && stat.st_rdev == makedev(1, 3)) {
-               fclose(f);
-               return 1;
-       }
-       if (getline(dst, &n, f) < 0) {
+       if (getline(dst, &n, f) < 0 && errno) {
                perror("getline");
                fclose(f);
                return -1;
        }
        fclose(f);
        n = strlen(*dst);
+       if (!n)
+               return 1;
        while (--n) {
                if (isspace((*dst)[n]))
                        (*dst)[n] = '\0';

diff --git a/src/wg.8 b/src/wg.8
index 54ae3781c1306ef18861c4f88bb18ca22a2b80f1..2ec005c561c8ff0c6e49d4d3ae02286018e47e2c 100644 (file)
--- a/src/wg.8
+++ b/src/wg.8
@@ -60,20 +60,21 @@ most systems but if you are using
 .BR bash (1),
 you may safely pass in a string by specifying as \fIprivate-key\fP or
 \fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If
-\fI/dev/null\fP is specified as the filename for either \fIprivate-key\fP or
-\fIpreshared-key\fP, the key is removed from the device. The use of
-\fIpreshared-key\fP is optional, and may be omitted; it adds an additional
-layer of symmetric-key cryptography to be mixed into the already existing
-public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
-is specified, but the value is the empty string, all allowed ips are removed
-from the peer. The use of \fIpersistent-keepalive\fP is optional and is by
-default off; setting it to 0 or "off", disables it. Otherwise it represents,
-in seconds, between 1 and 65535 inclusive, how often to send an authenticated
-empty packet to the peer, for the purpose of keeping a stateful firewall or NAT
-mapping valid persistently. For example, if the interface very rarely sends
-traffic, but it might at anytime receive traffic from a peer, and it is behind
-NAT, the interface might benefit from having a persistent keepalive interval
-of 25 seconds; however, most users will not need this.
+\fI/dev/null\fP or another empty file is specified as the filename for
+either \fIprivate-key\fP or \fIpreshared-key\fP, the key is removed from
+the device. The use of \fIpreshared-key\fP is optional, and may be omitted;
+it adds an additional layer of symmetric-key cryptography to be mixed into
+the already existing public-key cryptography, for post-quantum resistance.
+If \fIallowed-ips\fP is specified, but the value is the empty string, all
+allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
+is optional and is by default off; setting it to 0 or "off", disables it.
+Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
+to send an authenticated empty packet to the peer, for the purpose of keeping
+a stateful firewall or NAT mapping valid persistently. For example, if the
+interface very rarely sends traffic, but it might at anytime receive traffic
+from a peer, and it is behind NAT, the interface might benefit from having a
+persistent keepalive interval of 25 seconds; however, most users will not need
+this.
 .TP
 \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
 Sets the current configuration of \fI<interface>\fP to the contents of