authorChristian Poessinger <christian@poessinger.com>2022-10-29 21:07:02 +0200
committerGitHub <noreply@github.com>2022-10-29 21:07:02 +0200
commit4d924de02cedd3a2a85cb6346c30f902bc2fa57c (patch)
treef7b50f5f0cb6b7ffe74b2a759235fa52a3d4c0e0 /src
parent509ddb0a1d3f53131bc4eb7a405a8208d8f12c61 (diff)
parentc2ff9aa158b81fa66ce9c810e891ad25d4a7f14b (diff)
Merge pull request #1621 from sarthurdev/T4774
wireguard: T4774: Prevent duplicate peer public keys
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 8d738f55e..762bad94f 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -87,6 +87,8 @@ def verify(wireguard):
'cannot be used for the interface!')
# run checks on individual configured WireGuard peer
+ public_keys = []
+
for tmp in wireguard['peer']:
peer = wireguard['peer'][tmp]
@@ -100,6 +102,11 @@ def verify(wireguard):
raise ConfigError('Both Wireguard port and address must be defined '
f'for peer "{tmp}" if either one of them is set!')
+ if peer['public_key'] in public_keys:
+ raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"')
+
+ public_keys.append(peer['public_key'])
+
def apply(wireguard):
tmp = WireGuardIf(wireguard['ifname'])
if 'deleted' in wireguard:
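Review bot: The new `ConfigError` in the second hunk names only the peer being checked, not the earlier peer that already holds the same key, so the operator has to search the whole peer list to find the conflict. Making the collection a dict, `public_keys = {}` in the first hunk and `public_keys[peer['public_key']] = tmp` here, lets the message read `f'Duplicate public-key defined on peers "{public_keys[peer["public_key"]]}" and "{tmp}"'` and makes the lookup constant-time. A short comment above the check would also help, for example `# WireGuard identifies a peer by its public key, so two entries with the same key cannot coexist on one interface`. The direct `peer['public_key']` index presumably relies on a missing-key check earlier in the loop; that part of `verify()` lies between the two hunks and is not visible here, so it is worth confirming that a peer without a key fails with `ConfigError` rather than `KeyError`.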