From 86a3d44de5326fd4d714e90bf9012360f1d028a2 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 10 Apr 2019 14:26:23 +0900
Subject: [PATCH] network: fix use-of-uninitialized-value or null dereference

This fixes a bug introduced by 6ef5c881dd5568f08dc35013e24f7d857f36b207.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
---
 src/network/netdev/wireguard.c              | 16 +++++-----------
 test/fuzz/fuzz-netdev-parser/oss-fuzz-14157 |  5 +++++
 test/fuzz/fuzz-netdev-parser/oss-fuzz-14158 |  5 +++++
 3 files changed, 15 insertions(+), 11 deletions(-)
 create mode 100644 test/fuzz/fuzz-netdev-parser/oss-fuzz-14157
 create mode 100644 test/fuzz/fuzz-netdev-parser/oss-fuzz-14158

diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 5aa10fc4de..7959c1c01f 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -498,24 +498,18 @@ static int wireguard_decode_key_and_warn(
                 (void) warn_file_is_world_accessible(filename, NULL, unit, line);
 
         r = unbase64mem_full(rvalue, strlen(rvalue), true, &key, &len);
-        if (r < 0) {
-                log_syntax(unit, LOG_ERR, filename, line, r,
+        if (r < 0)
+                return log_syntax(unit, LOG_ERR, filename, line, r,
                            "Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue);
-                goto finalize;
-        }
         if (len != WG_KEY_LEN) {
-                log_syntax(unit, LOG_ERR, filename, line, 0,
+                explicit_bzero_safe(key, len);
+                return log_syntax(unit, LOG_ERR, filename, line, 0,
                            "Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.",
                            lvalue, len);
-                goto finalize;
         }
 
         memcpy(ret, key, WG_KEY_LEN);
-        r = 0;
-
-finalize:
-        explicit_bzero_safe(key, len);
-        return r;
+        return 0;
 }
 
 int config_parse_wireguard_private_key(
diff --git a/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157 b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157
new file mode 100644
index 0000000000..d3a65e1fed
--- /dev/null
+++ b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14157
@@ -0,0 +1,5 @@
+[NetDev]
+Name=w
+Kind=wireguard
+[WireGuardPeer]
+PublicKey=e
\ No newline at end of file
diff --git a/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158 b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158
new file mode 100644
index 0000000000..6f6bf723b4
--- /dev/null
+++ b/test/fuzz/fuzz-netdev-parser/oss-fuzz-14158
@@ -0,0 +1,5 @@
+[NetDev]
+Name=w
+Kind=wireguard
+[WireGuard]
+PrivateKey=E
\ No newline at end of file