2011/4/7 Vincent Bernat <ber...@debian.org>: > This bug is fixed in 1.2.1.
Great. I found the 1.2 branch in the VCS tree, so can now see what you mean. For the record, versions prior to v1.1.18 and from v1.2.1 truncate the password at eight (8) characters, whereas versions v1.1.18 through v1.2.0 truncate the password at seven (7) characters. I've submitted a patch upstream to get this added to the manual page for keepalived.conf(5) to reflect this truncation/limit. For this bug, would the package maintainer be willing to apply Vincent's patch (b4d88f76637add8f13d2de2291e4267e0b041a7d, attached) to version v1.1.20 in squeeze?
commit b4d88f76637add8f13d2de2291e4267e0b041a7d Author: Vincent Bernat <ber...@luffy.cx> Date: Sat May 15 11:34:28 2010 +0000 VRRP: handle passwords up to 8 characters A fix in keepalived 1.1.18 was truncating the password len for VRRP to 7 characters. We restore the limit to 8 characters. vrrp->auth_data is only handled using memcpy and sizeof. Therefore, we keep the current size to 8 chars and add the null character only when we need to display it. Also, we ensure that vrrp->auth_data is blanked before putting a new value in it, just for safety. diff --git a/keepalived/vrrp/vrrp_data.c b/keepalived/vrrp/vrrp_data.c index 98676cc..0512417 100644 --- a/keepalived/vrrp/vrrp_data.c +++ b/keepalived/vrrp/vrrp_data.c @@ -192,6 +192,7 @@ static void dump_vrrp(void *data) { vrrp_rt *vrrp = data; + char auth_data[sizeof(vrrp->auth_data) + 1]; log_message(LOG_INFO, " VRRP Instance = %s", vrrp->iname); if (vrrp->family == AF_INET6) @@ -225,7 +226,10 @@ dump_vrrp(void *data) log_message(LOG_INFO, " Authentication type = %s", (vrrp->auth_type == VRRP_AUTH_AH) ? "IPSEC_AH" : "SIMPLE_PASSWORD"); - log_message(LOG_INFO, " Password = %s", vrrp->auth_data); + /* vrrp->auth_data is not \0 terminated */ + memcpy(auth_data, vrrp->auth_data, sizeof(vrrp->auth_data)); + auth_data[sizeof(vrrp->auth_data)] = '\0'; + log_message(LOG_INFO, " Password = %s", auth_data); } if (!LIST_ISEMPTY(vrrp->track_ifp)) { log_message(LOG_INFO, " Tracked interfaces = %d", LIST_SIZE(vrrp->track_ifp)); diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c index 3840073..b2295e9 100644 --- a/keepalived/vrrp/vrrp_parser.c +++ b/keepalived/vrrp/vrrp_parser.c @@ -306,11 +306,11 @@ vrrp_auth_pass_handler(vector strvec) int max_size = sizeof (vrrp->auth_data); int str_len = strlen(str); - if (str_len > max_size - 1) - str_len = max_size - 1; + if (str_len > max_size) + str_len = max_size; + memset(vrrp->auth_data, 0, max_size); memcpy(vrrp->auth_data, str, str_len); - vrrp->auth_data[str_len] = '\0'; } static void vrrp_vip_handler(vector strvec)