From 175f7e16ddedba8472fd0362cec4dc8e0480564d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Chabot?= Date: Fri, 2 Mar 2018 23:08:25 +1100 Subject: [PATCH] GoBackend: parse allowed ips Signed-off-by: Jason A. Donenfeld --- .../wireguard/android/backend/GoBackend.java | 38 ++++++++++++++++--- 1 file changed, 33 insertions(+), 5 deletions(-) diff --git a/app/src/main/java/com/wireguard/android/backend/GoBackend.java b/app/src/main/java/com/wireguard/android/backend/GoBackend.java index a2e872c0..a8d5fc08 100644 --- a/app/src/main/java/com/wireguard/android/backend/GoBackend.java +++ b/app/src/main/java/com/wireguard/android/backend/GoBackend.java @@ -5,6 +5,7 @@ import android.content.Intent; import android.os.ParcelFileDescriptor; import android.support.v4.util.ArraySet; import android.util.Log; +import android.util.Pair; import com.wireguard.android.model.Tunnel; import com.wireguard.android.model.Tunnel.State; @@ -20,6 +21,7 @@ import java.net.InetSocketAddress; import java.util.Collections; import java.util.Formatter; import java.util.Set; +import java.util.Vector; public final class GoBackend implements Backend { private static final String TAG = "WireGuard/" + GoBackend.class.getSimpleName(); 
@@ -143,6 +145,33 @@ public final class GoBackend implements Backend { return "[" + socketAddress.getAddress().getHostAddress() + "]:" + socketAddress.getPort(); } + private Vector> parseAllowedIps(String string) throws Exception { + Vector> ret = new Vector<>(); + for (final String allowedIp : string.split(" *, *")) { + String[] part = allowedIp.split("/", 2); + if (part.length > 2) + throw new Exception("Invalid allowed ips string " + string); + + try { + InetAddress address = InetAddress.getByName(part[0]); + int networkPrefixLength; + if (part.length == 2) { + networkPrefixLength = Integer.valueOf(part[1]); + if (networkPrefixLength < 0 || networkPrefixLength > 128 + || (address instanceof Inet4Address && networkPrefixLength > 32)) + throw new Exception(); + } else { + networkPrefixLength = (address instanceof Inet4Address) ? 32 : 128; + } + + ret.add(new Pair<>(address.getHostAddress(), networkPrefixLength)); + } catch (Exception e) { + throw new Exception("Invalid allowed ips string " + string); + } + } + return ret; + } + private void setStateInternal(final Tunnel tunnel, final Config config, final State state) throws Exception { @@ -179,8 +208,8 @@ public final class GoBackend implements Backend { if (peer.getPersistentKeepalive() != null) fmt.format("persistent_keepalive_interval=%d\n", Integer.parseInt(peer.getPersistentKeepalive())); if (peer.getAllowedIPs() != null) { - for (final String allowedIp : peer.getAllowedIPs().split(" *, *")) { - fmt.format("allowed_ip=%s\n", allowedIp); + for (final Pair allowedIp : parseAllowedIps(peer.getAllowedIPs())) { + fmt.format("allowed_ip=%s\n", allowedIp.first + "/" + allowedIp.second); } } } 
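Review bot: In parseAllowedIps, `InetAddress.getByName(part[0])` is not a strict literal parser. An empty field (an empty AllowedIPs string or a leading comma) comes back as the loopback address, and a non-numeric entry is handed to the resolver, so a typo in the config can trigger a DNS lookup instead of a validation error. Reject empty fields before the call and, where the platform offers a literal-only parser, prefer that. The `part.length > 2` check can never fire because `split("/", 2)` returns at most two elements, and the blanket `catch (Exception e)` drops the cause; the sketch below narrows the catch and passes `e` along. A `List` backed by `ArrayList` would also do in place of the synchronized `Vector`.

```java
// … unchanged: signature, result collection, loop over string.split(" *, *") …
            final String[] part = allowedIp.split("/", 2);
            // getByName("") returns the loopback address, so an empty field must be rejected up front.
            if (part[0].isEmpty())
                throw new IllegalArgumentException("Empty address in allowed ips: " + string);
            final InetAddress address;
            final int maxPrefixLength;
            final int networkPrefixLength;
            try {
                address = InetAddress.getByName(part[0]);
                maxPrefixLength = (address instanceof Inet4Address) ? 32 : 128;
                networkPrefixLength = part.length == 2 ? Integer.parseInt(part[1]) : maxPrefixLength;
            } catch (final UnknownHostException | NumberFormatException e) {
                // Keep the cause so the log shows which part of the entry was rejected.
                throw new IllegalArgumentException("Invalid allowed ips string " + string, e);
            }
            if (networkPrefixLength < 0 || networkPrefixLength > maxPrefixLength)
                throw new IllegalArgumentException("Invalid prefix length in allowed ips: " + string);
            // … unchanged: ret.add(new Pair<>(address.getHostAddress(), networkPrefixLength)) …
```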
@@ -195,9 +224,8 @@ public final class GoBackend implements Backend { for (final Peer peer : config.getPeers()) { if (peer.getAllowedIPs() != null) { - for (final String allowedIp : peer.getAllowedIPs().split(" *, *")) { - String[] part = allowedIp.split("/", 2); - builder.addRoute(part[0], Integer.parseInt(part[1])); + for (final Pair allowedIp : parseAllowedIps(peer.getAllowedIPs())) { + builder.addRoute(allowedIp.first, allowedIp.second); } } }
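Review bot: `builder.addRoute(allowedIp.first, allowedIp.second)` receives the address exactly as written, host bits included. As far as I recall, VpnService.Builder.addRoute throws IllegalArgumentException when bits beyond the prefix are set, so an entry such as `10.0.0.1/24` (constructed example) would pass parseAllowedIps and then fail here with an unrelated message. Either mask the address to its prefix inside parseAllowedIps or reject such entries there with the existing "Invalid allowed ips string" error. The same string is also parsed once more for the `allowed_ip=` lines in the previous hunk; parsing each peer's list once and reusing the result would avoid repeating any lookup. The enclosing method starts outside this hunk.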