Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-09 Thread Stuart Henderson 
On 2023-11-07, Laurent CARON  wrote:
> Hi,
>
> After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies 
> using a password are not coming up with the following in /var/log/messages:
>
> ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X 
> interface vlanXX
>
> After removing the authentication, I was able to get adjacencies to come up.
>
> Config contains:
>
> password=""
> auth-key $password
> auth-type simple
>
> This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4
>
> The 'only' way I found to have it working is to get rid of authentication.

Out of interest, any particular reason to use auth-type simple (which
always struck me as being pretty useless for a multicast protocol)
rather than crypt?

Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Laurent CARON 



Le 07/11/2023 à 10:59, Claudio Jeker a écrit :

Ugh. My bad. I forgot that iface->auth_key is not really a string. So the
code setting the auth_key would copy too much if you use a password with 8
chars. Using a password with 7 or less chars works fine.

As a result of this overflow the checksum calculation in auth_validate
fails and that's what you see.

Diff below should fix this.



Thanks Claudio,

Gonna give it a try today.

Cheers,

Lauent

Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Theo Buehler 
On Tue, Nov 07, 2023 at 10:59:48AM +0100, Claudio Jeker wrote:
> On Tue, Nov 07, 2023 at 08:21:16AM +0100, Laurent CARON wrote:
> > Hi,
> > 
> > After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a
> > password are not coming up with the following in /var/log/messages:
> > 
> > ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X
> > interface vlanXX
> > 
> > After removing the authentication, I was able to get adjacencies to come up.
> > 
> > Config contains:
> > 
> > password=""
> > auth-key $password
> > auth-type simple
> > 
> > This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4
> > 
> > The 'only' way I found to have it working is to get rid of authentication.
> > 
> 
> Ugh. My bad. I forgot that iface->auth_key is not really a string. So the
> code setting the auth_key would copy too much if you use a password with 8
> chars. Using a password with 7 or less chars works fine.
> 
> As a result of this overflow the checksum calculation in auth_validate
> fails and that's what you see.
> 
> Diff below should fix this.

ok tb

> -- 
> :wq Claudio
> 
> Index: auth.c
> ===
> RCS file: /cvs/src/usr.sbin/ospfd/auth.c,v
> diff -u -p -r1.22 auth.c
> --- auth.c3 Jul 2023 09:40:47 -   1.22
> +++ auth.c7 Nov 2023 09:56:44 -
> @@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface 
>   fatalx("auth_gen: ibuf_set failed");
>  
>   if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key),
> - iface->auth_key, strlen(iface->auth_key)) == -1)
> + iface->auth_key, strnlen(iface->auth_key,
> + sizeof(iface->auth_key))) == -1)
>   fatalx("auth_gen: ibuf_set failed");
>   break;
>   case AUTH_CRYPT:
>

Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Claudio Jeker 
On Tue, Nov 07, 2023 at 08:21:16AM +0100, Laurent CARON wrote:
> Hi,
> 
> After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a
> password are not coming up with the following in /var/log/messages:
> 
> ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X
> interface vlanXX
> 
> After removing the authentication, I was able to get adjacencies to come up.
> 
> Config contains:
> 
> password=""
> auth-key $password
> auth-type simple
> 
> This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4
> 
> The 'only' way I found to have it working is to get rid of authentication.
> 

Ugh. My bad. I forgot that iface->auth_key is not really a string. So the
code setting the auth_key would copy too much if you use a password with 8
chars. Using a password with 7 or less chars works fine.

As a result of this overflow the checksum calculation in auth_validate
fails and that's what you see.

Diff below should fix this.
-- 
:wq Claudio

Index: auth.c
===
RCS file: /cvs/src/usr.sbin/ospfd/auth.c,v
diff -u -p -r1.22 auth.c
--- auth.c  3 Jul 2023 09:40:47 -   1.22
+++ auth.c  7 Nov 2023 09:56:44 -
@@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface 
fatalx("auth_gen: ibuf_set failed");
 
if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key),
-   iface->auth_key, strlen(iface->auth_key)) == -1)
+   iface->auth_key, strnlen(iface->auth_key,
+   sizeof(iface->auth_key))) == -1)
fatalx("auth_gen: ibuf_set failed");
break;
case AUTH_CRYPT:

Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Laurent CARON 

Hi,

After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies 
using a password are not coming up with the following in /var/log/messages:


ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X 
interface vlanXX


After removing the authentication, I was able to get adjacencies to come up.

Config contains:

password=""
auth-key $password
auth-type simple

This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4

The 'only' way I found to have it working is to get rid of authentication.

Thanks

Laurent