On 07/04/2012 05:09 AM, Paul Gear wrote:
Hi all,
The quagga ospfd module in pfSense 2.0.1 amd64 has a flaw in how it
writes the config file, which causes MD5 authentication to fail.
Basically, it puts quotes around the message-digest-key supplied, which
is not required, and is taken by quagga as part of the password. This
causes a mismatch with other (non-pfSense) OSPF routers. e.g. If my
other systems use asdf1234 as the password, they get a mismatch, because
pfSense uses "asdf1234".
I've prepared a one-line patch to quagga_ospfd.inc to fix this, but i'm
wondering about input validation. I've had a look through the quagga
source code trying to find out what it accepts as valid characters in an
MD5 key, and i can't follow their code well enough to work out where the
input validation is done. Nothing in RFC2328 suggests that there are
any restrictions whatsoever on the characters in the key, but presumably
quagga must have some restrictions in order to read it from an ASCII or
UTF-8 (not sure which) config file.
Any thoughts?
Thanks in advance,
Paul
Hi
I'm not sure about this. I'm using sane version, md5 authentication, one
session with a Cisco and another with a Linux Quagga. It works fine.
BR
--
Dan Cândea
Does God Play Dice?
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
