Skip to content

IPv6 endpoint validation inconsistency between validation.rs and wireguard_builder.rs #355

Open
Open
IPv6 endpoint validation inconsistency between validation.rs and wireguard_builder.rs#355
Labels
bugSomething isn't workingbuildersConnection builder API and validationnmrsChanges to nmrswireguardWireGuard VPN protocol
@cachebag

Description

@cachebag
cachebag
opened on Apr 14, 2026

ipv6 endpoint parsing is handled differently in two places:

  • wireguard_builder.rs:420-431 correctly handles [IPv6]:port using rsplitn
  • validation.rs:269-276 (validate_wireguard_peer) uses split(':').next_back() which will misparse ipv6 addresses since they contain colons

related: validate_cidr and validate_ip_address in validation.rs use heuristic string splitting on . / : rather than std::net::IpAddr::parse(). malformed-but-plausible addresses can slip through.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingbuildersConnection builder API and validationnmrsChanges to nmrswireguardWireGuard VPN protocol

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions