From 3f258d3500abcf77cc77554d2e2468905c159c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Gilerson?= Date: Sun, 8 Mar 2026 01:59:39 +0100 Subject: [PATCH] Fix crash when peer has nil publicKey in site config Skip sites with empty/nil publicKey instead of passing them to the WireGuard UAPI layer, which expects a valid 64-char hex string. A nil key occurs when a Newt site has never connected. Previously this caused all sites to fail with "hex string does not fit the slice". --- olm/connect.go | 6 ++++++ olm/peer.go | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/olm/connect.go b/olm/connect.go index dc05d1f..afa5c4b 100644 --- a/olm/connect.go +++ b/olm/connect.go @@ -172,6 +172,12 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) { for i := range wgData.Sites { site := wgData.Sites[i] + + if site.PublicKey == "" { + logger.Warn("Skipping site %d (%s): no public key available (site may not be connected)", site.SiteId, site.Name) + continue + } + var siteEndpoint string // here we are going to take the relay endpoint if it exists which means we requested a relay for this peer if site.RelayEndpoint != "" { diff --git a/olm/peer.go b/olm/peer.go index 8007272..9d753b7 100644 --- a/olm/peer.go +++ b/olm/peer.go @@ -37,6 +37,11 @@ func (o *Olm) handleWgPeerAdd(msg websocket.WSMessage) { return } + if siteConfig.PublicKey == "" { + logger.Warn("Skipping add-peer for site %d (%s): no public key available (site may not be connected)", siteConfig.SiteId, siteConfig.Name) + return + } + _ = o.holePunchManager.TriggerHolePunch() // Trigger immediate hole punch attempt so that if the peer decides to relay we have already punched close to when we need it if err := o.peerManager.AddPeer(siteConfig); err != nil {