Validate WireGuard port selection in the CLI

author: David Lönnhager <david.l@mullvad.net> 2022-07-06 14:39:45 +0200
committer: David Lönnhager <david.l@mullvad.net> 2022-07-11 13:51:27 +0200
commit: 44568512b11d2d446fd35f79f5f2be1e7f02e4fc (patch)
tree: 7a9237e91af98d12e6dfb8b59b7e422614b3fa89 /mullvad-cli
parent: ebda07a2b094844c7ff760dbb91176a8f96f3197 (diff)
download: mullvadvpn-44568512b11d2d446fd35f79f5f2be1e7f02e4fc.tar.xz
mullvadvpn-44568512b11d2d446fd35f79f5f2be1e7f02e4fc.zip
1 files changed, 20 insertions, 2 deletions
diff --git a/mullvad-cli/src/cmds/relay.rs b/mullvad-cli/src/cmds/relay.rs
index 22bf4788f2..e48c4681f9 100644
--- a/mullvad-cli/src/cmds/relay.rs
+++ b/mullvad-cli/src/cmds/relay.rs
@@ -554,12 +554,30 @@ impl Relay {
 
     async fn set_wireguard_constraints(&self, matches: &clap::ArgMatches) -> Result<()> {
         let mut rpc = new_rpc_client().await?;
+        let relay_list = rpc
+            .get_relay_locations(())
+            .await?
+            .into_inner()
+            .wireguard
+            .unwrap();
         let mut wireguard_constraints = self.get_wireguard_constraints(&mut rpc).await?;
 
         if let Some(port) = matches.value_of("port") {
             wireguard_constraints.port = match parse_port_constraint(port)? {
                 Constraint::Any => 0,
-                Constraint::Only(specific_port) => u32::from(specific_port),
+                Constraint::Only(specific_port) => {
+                    let specific_port = u32::from(specific_port);
+
+                    let is_valid_port = relay_list
+                        .port_ranges
+                        .iter()
+                        .any(|range| range.first <= specific_port && specific_port <= range.last);
+                    if !is_valid_port {
+                        return Err(Error::CommandFailed("The specified port is invalid"));
+                    }
+
+                    specific_port
+                }
             }
         }
 
@@ -755,7 +773,7 @@ fn parse_port_constraint(raw_port: &str) -> Result<Constraint<u16>> {
     match raw_port.to_lowercase().as_str() {
         "any" => Ok(Constraint::Any),
         port => Ok(Constraint::Only(u16::from_str(port).map_err(|_| {
-            Error::InvalidCommand("Invalid port. Must be \"any\" or [0-65535].")
+            Error::InvalidCommand("Invalid port. Must be \"any\" or 0-65535.")
         })?)),
     }
 }
author	David Lönnhager <david.l@mullvad.net>	2022-07-06 14:39:45 +0200
committer	David Lönnhager <david.l@mullvad.net>	2022-07-11 13:51:27 +0200
commit	44568512b11d2d446fd35f79f5f2be1e7f02e4fc (patch)
tree	7a9237e91af98d12e6dfb8b59b7e422614b3fa89 /mullvad-cli
parent	ebda07a2b094844c7ff760dbb91176a8f96f3197 (diff)
download	mullvadvpn-44568512b11d2d446fd35f79f5f2be1e7f02e4fc.tar.xz mullvadvpn-44568512b11d2d446fd35f79f5f2be1e7f02e4fc.zip