From: Mike Yuan
Date: Wed, 11 Sep 2024 19:49:00 +0000 (+0200)
Subject: network/wireguard: refuse default key if all zero
X-Git-Tag: v257-rc1~468
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53c75243af0cbeac6517024fdaf15c65e5b258a8;p=thirdparty%2Fsystemd.git

network/wireguard: refuse default key if all zero

Follow-up for fa724cd52c1335d6b3225b74c1a9c801389997ba

We attempt to retrieve default key if eqzero(Wireguard.private_key), but an all zero default key should be refused too.

---
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index f4b7045151a..9715cf4034c 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -1175,7 +1175,7 @@ static int wireguard_read_default_key_cred(NetDev *netdev, const char *filename) "%s: No private key specified and default key cannot be parsed, " "ignoring network device: %m", filename); - if (len != WG_KEY_LEN) + if (len != WG_KEY_LEN || memeqzero(key, len)) return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), "%s: No private key specified and default key is invalid. " "Ignoring network device.",
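
Review bot: The new `memeqzero(key, len)` branch in `wireguard_read_default_key_cred()` reuses the "default key is invalid" message of the length check, so the log does not tell an operator whether the credential had the wrong size or decoded to WG_KEY_LEN zero bytes. Consider splitting the two conditions, or naming the reason in the message, so that an all-zero credential is distinguishable from a truncated one when triaging why the netdev was ignored. A one-line comment above the check would also help: per the commit message, an all-zero `Wireguard.private_key` is what triggers the default-key lookup in the first place, which is the reason an all-zero default key has to be rejected here, and that link is not evident from the condition alone.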