From a23ca3aeae75ab9b7e90280c222882961a916a70 Mon Sep 17 00:00:00 2001
From: David Vazgenovich Shakaryan <dvshakaryan@gmail.com>
Date: Mon, 15 Dec 2025 08:58:03 -0800
Subject: stricter regex for ipspecs

---
 wg-genconf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'wg-genconf.py')

diff --git a/wg-genconf.py b/wg-genconf.py
index f94022d..b56347a 100755
--- a/wg-genconf.py
+++ b/wg-genconf.py
@@ -120,7 +120,7 @@ def deep_merge(d, src):
 # by default, this returns network addresses with host bits removed.
 # passing interface=True will maintain the host bits.
 def ipspec_to_ips(peer, ipspec, interface=False):
-    if not (m := re.fullmatch(r'\{peer(.)?(/.*)?\}', ipspec)):
+    if not (m := re.fullmatch(r'\{peer([46])?(/.+)?\}', ipspec)):
         return [ipspec]
 
     version = m[1]
@@ -130,7 +130,7 @@ def ipspec_to_ips(peer, ipspec, interface=False):
         lambda x: ipaddress.ip_network(x, False))
 
     return [
-        str(f(x if subnet == '/-' else f'{x.ip}{subnet if subnet else ''}'))
+        str(f(x if subnet == '/-' else f'{x.ip}{subnet or ''}'))
         for x in peer.ip_interfaces(version)]
 
 def ipspecs_to_ips(peer, ipspecs, interface=False):
-- 
cgit v1.2.3-70-g09d2