Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)
On 2023-11-07, Laurent CARON wrote: > Hi, > > After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies > using a password are not coming up with the following in /var/log/messages: > > ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X > interface vlanXX > > After removing the authentication, I was able to get adjacencies to come up. > > Config contains: > > password="" > auth-key $password > auth-type simple > > This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4 > > The 'only' way I found to have it working is to get rid of authentication. Out of interest, any particular reason to use auth-type simple (which always struck me as being pretty useless for a multicast protocol) rather than crypt?
Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)
Le 07/11/2023 à 10:59, Claudio Jeker a écrit : Ugh. My bad. I forgot that iface->auth_key is not really a string. So the code setting the auth_key would copy too much if you use a password with 8 chars. Using a password with 7 or less chars works fine. As a result of this overflow the checksum calculation in auth_validate fails and that's what you see. Diff below should fix this. Thanks Claudio, Gonna give it a try today. Cheers, Lauent
Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)
On Tue, Nov 07, 2023 at 10:59:48AM +0100, Claudio Jeker wrote: > On Tue, Nov 07, 2023 at 08:21:16AM +0100, Laurent CARON wrote: > > Hi, > > > > After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a > > password are not coming up with the following in /var/log/messages: > > > > ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X > > interface vlanXX > > > > After removing the authentication, I was able to get adjacencies to come up. > > > > Config contains: > > > > password="" > > auth-key $password > > auth-type simple > > > > This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4 > > > > The 'only' way I found to have it working is to get rid of authentication. > > > > Ugh. My bad. I forgot that iface->auth_key is not really a string. So the > code setting the auth_key would copy too much if you use a password with 8 > chars. Using a password with 7 or less chars works fine. > > As a result of this overflow the checksum calculation in auth_validate > fails and that's what you see. > > Diff below should fix this. ok tb > -- > :wq Claudio > > Index: auth.c > === > RCS file: /cvs/src/usr.sbin/ospfd/auth.c,v > diff -u -p -r1.22 auth.c > --- auth.c3 Jul 2023 09:40:47 - 1.22 > +++ auth.c7 Nov 2023 09:56:44 - > @@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface > fatalx("auth_gen: ibuf_set failed"); > > if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key), > - iface->auth_key, strlen(iface->auth_key)) == -1) > + iface->auth_key, strnlen(iface->auth_key, > + sizeof(iface->auth_key))) == -1) > fatalx("auth_gen: ibuf_set failed"); > break; > case AUTH_CRYPT: >
Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)
On Tue, Nov 07, 2023 at 08:21:16AM +0100, Laurent CARON wrote: > Hi, > > After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a > password are not coming up with the following in /var/log/messages: > > ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X > interface vlanXX > > After removing the authentication, I was able to get adjacencies to come up. > > Config contains: > > password="" > auth-key $password > auth-type simple > > This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4 > > The 'only' way I found to have it working is to get rid of authentication. > Ugh. My bad. I forgot that iface->auth_key is not really a string. So the code setting the auth_key would copy too much if you use a password with 8 chars. Using a password with 7 or less chars works fine. As a result of this overflow the checksum calculation in auth_validate fails and that's what you see. Diff below should fix this. -- :wq Claudio Index: auth.c === RCS file: /cvs/src/usr.sbin/ospfd/auth.c,v diff -u -p -r1.22 auth.c --- auth.c 3 Jul 2023 09:40:47 - 1.22 +++ auth.c 7 Nov 2023 09:56:44 - @@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface fatalx("auth_gen: ibuf_set failed"); if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key), - iface->auth_key, strlen(iface->auth_key)) == -1) + iface->auth_key, strnlen(iface->auth_key, + sizeof(iface->auth_key))) == -1) fatalx("auth_gen: ibuf_set failed"); break; case AUTH_CRYPT:
Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)
Hi, After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a password are not coming up with the following in /var/log/messages: ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X interface vlanXX After removing the authentication, I was able to get adjacencies to come up. Config contains: password="" auth-key $password auth-type simple This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4 The 'only' way I found to have it working is to get rid of authentication. Thanks Laurent