[PR #98] [MERGED] Fix crash when peer has nil publicKey in site config #659

New Issue

GiteaMirror · 2026-05-05T10:26:31-05:00

GiteaMirror commented

2026-05-05 10:26:31 -05:00

📋 Pull Request Information

Original PR: https://github.com/fosrl/olm/pull/98
Author: @AndreGilerson
Created: 3/8/2026
Status: ✅ Merged
Merged: 3/8/2026
Merged by: @oschwartz10612

Base: dev ← Head: dev

📝 Commits (1)

99e6357 Fix crash when peer has nil publicKey in site config

📊 Changes

2 files changed (+11 additions, -0 deletions)

View changed files

📝 olm/connect.go (+6 -0)
📝 olm/peer.go (+5 -0)

📄 Description

Describe the Bug

The OLM client crashes with a WireGuard IPC error when any site in the server response has a nil publicKey. The client does not validate or skip peers with missing keys, causing the entire tunnel setup to fail, even if other sites have valid keys.

This happened on my setup, because I had a few unrelated issues with setting up the pangolin server and i was regularly resetting the server. I had two sites setup, and at some point one of the sites was turned off, and never logged back in again to update its key, but was still registered with the server. After i fixed the other issue (which were unrelated and caused by a wrong port config in the firewall where i opened one of the ports only for TCP and not UDP traffic) the cli refused to connect with the error message below until I had reconnected the second site.

INFO: 2026/03/07 14:14:18 Starting HTTP server on socket /var/run/olm.sock                                                                                                                                                                                                                                            
INFO: 2026/03/07 14:14:18 Created shared UDP socket on port 56237 (refcount: 2)                                                                                                                                                                                                                                       
INFO: 2026/03/07 14:14:18 Starting hole punch for 1 exit nodes                                                                                                                                                                                                                                                        
INFO: 2026/03/07 14:14:18 Websocket Connected                                                                                                                                                                                                                                                                         
INFO: 2026/03/07 14:14:19 The tunnel IP is: XXXXXXXXX                                                                                                                                                                                                                                                         
INFO: 2026/03/07 14:14:19 Set IPv4 addresses: [XXXXXXXX], subnet masks: [255.255.255.0]                                                                                                                                                                                                                           
INFO: 2026/03/07 14:14:19 Set MTU: 1280                                                                                                                                                                                                                                                                               
INFO: 2026/03/07 14:14:19 Added IPv4 included route: {DestinationAddress:XXXXXXXXX SubnetMask:255.255.255.0 GatewayAddress: IsDefault:false}                                                                                                                                                                       
INFO: 2026/03/07 14:14:19 Adding route to XXXXXXXXX via interface pangolin                                                                                                                                                                                                                                      
INFO: 2026/03/07 14:14:19 Added route for remote subnet: XXXXXXXXX                                                                                                                                                                                                                                              
ERROR: 2026/03/07 14:14:19 wireguard: IPC error -22: failed to get peer by public key: hex string does not fit the slice                                                                                                                                                                                              
ERROR: 2026/03/07 14:14:19 Failed to add peer: failed to configure WireGuard peer: IPC error -22: failed to get peer by public key: hex string does not fit the slice

I believe this is related to https://github.com/fosrl/olm/issues/32, but not entirely sure, because the issue is not describing the problem in greater detail.

Environment

OS Type & Version: Ubuntu 25.10
Pangolin Version: 1.16.2
Gerbil Version: 1.3.0
Cli Version: 0.5.1
Olm Version: v1.4.3

But the bug has also been observed on the android play store app.

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Skip sites with empty/nil publicKey instead of passing them to the WireGuard UAPI layer, which expects a valid 64-char hex string. A nil key occurs when a Newt site has never connected. Previously this caused all sites to fail with "hex string does not fit the slice".

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/olm/pull/98 **Author:** [@AndreGilerson](https://github.com/AndreGilerson) **Created:** 3/8/2026 **Status:** ✅ Merged **Merged:** 3/8/2026 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (1) - [`99e6357`](https://github.com/fosrl/olm/commit/99e635713d4594bf6a91bd5a2f83c209febd7dc0) Fix crash when peer has nil publicKey in site config ### 📊 Changes **2 files changed** (+11 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `olm/connect.go` (+6 -0) 📝 `olm/peer.go` (+5 -0) </details> ### 📄 Description ## Describe the Bug The OLM client crashes with a WireGuard IPC error when any site in the server response has a `nil` publicKey. The client does not validate or skip peers with missing keys, causing the entire tunnel setup to fail, even if other sites have valid keys. This happened on my setup, because I had a few unrelated issues with setting up the pangolin server and i was regularly resetting the server. I had two sites setup, and at some point one of the sites was turned off, and never logged back in again to update its key, but was still registered with the server. After i fixed the other issue (which were unrelated and caused by a wrong port config in the firewall where i opened one of the ports only for TCP and not UDP traffic) the cli refused to connect with the error message below until I had reconnected the second site. ``` INFO: 2026/03/07 14:14:18 Starting HTTP server on socket /var/run/olm.sock INFO: 2026/03/07 14:14:18 Created shared UDP socket on port 56237 (refcount: 2) INFO: 2026/03/07 14:14:18 Starting hole punch for 1 exit nodes INFO: 2026/03/07 14:14:18 Websocket Connected INFO: 2026/03/07 14:14:19 The tunnel IP is: XXXXXXXXX INFO: 2026/03/07 14:14:19 Set IPv4 addresses: [XXXXXXXX], subnet masks: [255.255.255.0] INFO: 2026/03/07 14:14:19 Set MTU: 1280 INFO: 2026/03/07 14:14:19 Added IPv4 included route: {DestinationAddress:XXXXXXXXX SubnetMask:255.255.255.0 GatewayAddress: IsDefault:false} INFO: 2026/03/07 14:14:19 Adding route to XXXXXXXXX via interface pangolin INFO: 2026/03/07 14:14:19 Added route for remote subnet: XXXXXXXXX ERROR: 2026/03/07 14:14:19 wireguard: IPC error -22: failed to get peer by public key: hex string does not fit the slice ERROR: 2026/03/07 14:14:19 Failed to add peer: failed to configure WireGuard peer: IPC error -22: failed to get peer by public key: hex string does not fit the slice ``` I believe this is related to https://github.com/fosrl/olm/issues/32, but not entirely sure, because the issue is not describing the problem in greater detail. ## Environment - OS Type & Version: Ubuntu 25.10 - Pangolin Version: 1.16.2 - Gerbil Version: 1.3.0 - Cli Version: 0.5.1 - Olm Version: v1.4.3 But the bug has also been observed on the android play store app. ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description Skip sites with empty/nil publicKey instead of passing them to the WireGuard UAPI layer, which expects a valid 64-char hex string. A nil key occurs when a Newt site has never connected. Previously this caused all sites to fail with "hex string does not fit the slice". --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-05-05 10:26:31 -05:00

GiteaMirror closed this issue

2026-05-05 10:26:32 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/olm#659