On Tue, Nov 07, 2023 at 10:59:48AM +0100, Claudio Jeker wrote:
> On Tue, Nov 07, 2023 at 08:21:16AM +0100, Laurent CARON wrote:
> > Hi,
> >
> > After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a
> > password are not coming up with the following in /var/log/messages:
> >
> > ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X
> > interface vlanXX
> >
> > After removing the authentication, I was able to get adjacencies to come up.
> >
> > Config contains:
> >
> > password="XXXXXXXX"
> > auth-key $password
> > auth-type simple
> >
> > This config was working perfectly fine until OpenBSD 7.3 but fails with 7.4
> >
> > The 'only' way I found to have it working is to get rid of authentication.
> >
>
> Ugh. My bad. I forgot that iface->auth_key is not really a string. So the
> code setting the auth_key would copy too much if you use a password with 8
> chars. Using a password with 7 or less chars works fine.
>
> As a result of this overflow the checksum calculation in auth_validate
> fails and that's what you see.
>
> Diff below should fix this.
ok tb
> --
> :wq Claudio
>
> Index: auth.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ospfd/auth.c,v
> diff -u -p -r1.22 auth.c
> --- auth.c 3 Jul 2023 09:40:47 -0000 1.22
> +++ auth.c 7 Nov 2023 09:56:44 -0000
> @@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface
> fatalx("auth_gen: ibuf_set failed");
>
> if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key),
> - iface->auth_key, strlen(iface->auth_key)) == -1)
> + iface->auth_key, strnlen(iface->auth_key,
> + sizeof(iface->auth_key))) == -1)
> fatalx("auth_gen: ibuf_set failed");
> break;
> case AUTH_CRYPT:
>
