Hi, this diff implements hashing of the carp password before using it inside the kernel. It fixes the problem that passwords like "12345678901234567890" and "12345678901234567890XXX" are equal for carp. But it breaks compatibility with older versions. Maybe you need to increase the protocol number?
bluhm@ has another idea to solve this problem: ifconfig could XOR every 20-byte-long chunk of the password. This would not break the compatibility of setups with passwords of less than 20 chars. Just tell me everything that's wrong with that diff and I will fix it. bye, Jan Index: ifconfig.c =================================================================== RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.264 diff -u -p -r1.264 ifconfig.c --- ifconfig.c 31 May 2013 19:56:06 -0000 1.264 +++ ifconfig.c 2 Jul 2013 10:12:53 -0000 @@ -101,6 +101,7 @@ #include <string.h> #include <unistd.h> #include <ifaddrs.h> +#include <sha1.h> #include "brconfig.h" @@ -3383,6 +3384,7 @@ void setcarp_passwd(const char *val, int d) { struct carpreq carpr; + SHA1_CTX sha; bzero(&carpr, sizeof(struct carpreq)); ifr.ifr_data = (caddr_t)&carpr; @@ -3390,8 +3392,9 @@ setcarp_passwd(const char *val, int d) if (ioctl(s, SIOCGVH, (caddr_t)&ifr) == -1) err(1, "SIOCGVH"); - /* XXX Should hash the password into the key here, perhaps? */ - strlcpy((char *)carpr.carpr_key, val, CARP_KEY_LEN); + SHA1Init(&sha); + SHA1Update(&sha, val, strlen(val)); + SHA1Final((char *)carpr.carpr_key, &sha); if (ioctl(s, SIOCSVH, (caddr_t)&ifr) == -1) err(1, "SIOCSVH");
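Review bot: In the last hunk of setcarp_passwd(), SHA1Final() writes a full 20-byte SHA-1 digest into carpr.carpr_key with no reference to CARP_KEY_LEN, whereas the removed strlcpy() was bounded by it. Nothing in the diff ties the two sizes together, so a later change to CARP_KEY_LEN would either overflow the field or leave part of the key zero. Suggest hashing into a local u_int8_t digest[SHA1_DIGEST_LENGTH] and copying CARP_KEY_LEN bytes from it, or adding a compile-time size check. The (char *) cast on carpr_key is carried over from the strlcpy() call; SHA1Update() and SHA1Final() take u_int8_t pointers, so the cast belongs on val, not on the key. The XXX comment is removed without a replacement: a one-line comment stating that the key is now SHA1(password), and that this changes the key for every existing password, would help, and no matching ifconfig.8 change is part of this diff.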
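The truncation described in the mail and the XOR-fold alternative attributed to bluhm@, side by side, as an added example that is not part of the original message or of the OpenBSD tree. `key_truncate`, `key_xorfold`, `same_key` and `fold_matches_truncate` are hypothetical helpers, and `CARP_KEY_LEN` is assumed to be 20, as the figures in the mail imply.

```c
#include <stdio.h>
#include <string.h>

#define CARP_KEY_LEN 20	/* assumption: the 20-byte key size the mail refers to */

/* Old behaviour, modelled on strlcpy(key, val, CARP_KEY_LEN):
 * at most CARP_KEY_LEN - 1 password bytes, the rest of the key stays zero. */
static void key_truncate(unsigned char *key, const char *val)
{
	size_t n = strlen(val);

	memset(key, 0, CARP_KEY_LEN);
	memcpy(key, val, n > CARP_KEY_LEN - 1 ? CARP_KEY_LEN - 1 : n);
}

/* XOR-fold: byte i of the password is XORed into key[i % CARP_KEY_LEN]. */
static void key_xorfold(unsigned char *key, const char *val)
{
	size_t i, n = strlen(val);

	memset(key, 0, CARP_KEY_LEN);
	for (i = 0; i < n; i++)
		key[i % CARP_KEY_LEN] ^= (unsigned char)val[i];
}

typedef void (*keyfn)(unsigned char *, const char *);

/* Returns 1 when passwords a and b derive the same key under fn. */
static int same_key(keyfn fn, const char *a, const char *b)
{
	unsigned char ka[CARP_KEY_LEN], kb[CARP_KEY_LEN];

	fn(ka, a);
	fn(kb, b);
	return memcmp(ka, kb, CARP_KEY_LEN) == 0;
}

/* Returns 1 when the fold yields the key the old code produced for pw. */
static int fold_matches_truncate(const char *pw)
{
	unsigned char kt[CARP_KEY_LEN], kx[CARP_KEY_LEN];

	key_truncate(kt, pw);
	key_xorfold(kx, pw);
	return memcmp(kt, kx, CARP_KEY_LEN) == 0;
}

int main(void)
{
	const char *a = "12345678901234567890", *b = "12345678901234567890XXX";

	printf("truncate: same=%d  xorfold: same=%d  short compat=%d\n",
	    same_key(key_truncate, a, b), same_key(key_xorfold, a, b),
	    fold_matches_truncate("short"));
	return 0;
}
```

The fold keeps old keys only for passwords shorter than `CARP_KEY_LEN`, and it has structural collisions that a hash does not: any byte repeated 40 times folds to the all-zero key, the same as an empty password.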