
Incorrect handling of special characters in VRRP passwords
Closed, Resolved | Public | BUG

Description

When you add a VRRP authentication password with special characters, the text is not sanitized.
This can lead to keepalived failing to start:

[email protected]:/home/vyos# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: active (running) since Wed 2019-05-01 22:25:06 CDT; 19s ago

 [email protected]# set high-availability vrrp group eth0-200 authentication password !aaaa

[email protected]# compare 
[edit high-availability vrrp group eth0-200 authentication]
>password !aaaa

[email protected]# commit
[ high-availability vrrp ]
Reloading the VRRP process

[email protected]:~$ show vrrp 
VRRP is not running

[email protected]:/home/vyos# systemctl status keepalived.service -l
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: inactive (dead)

May 01 22:28:03 FW Keepalived_vrrp[30094]: (Line 17) *** Configuration line starting `auth_pass` is missing a parameter after keyword `auth_pass` at word position 2

Need to escape the password when it's put in the config, or just not allow special characters.
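
The log line above is consistent with keepalived.conf treating `!` (like `#`) as the start of a comment, which leaves the rendered `auth_pass !aaaa` line with no parameter. The following is an added example, not VyOS code and not the fix that was shipped: it rejects such passwords before rendering. The allow-list, the function names and the simplified tokenizer model are assumptions made for illustration.

```python
import re

# Assumption: a conservative allow-list, not the rule VyOS shipped in its fix.
# It excludes whitespace and characters keepalived.conf treats as syntax:
# '!' and '#' (comments), '"' (quoting), '{' and '}' (blocks).
_SAFE_PASSWORD = re.compile(r"[A-Za-z0-9_.,:;@%^&*()+=/\-]+")


def config_words(line):
    """Simplified model of keepalived.conf tokenizing: drop everything from
    the first '!' or '#', then split on whitespace. Quoting is not modelled."""
    cut = re.search(r"[!#]", line)
    if cut:
        line = line[:cut.start()]
    return line.split()


def validate_vrrp_password(password):
    """Return the password unchanged, or raise ValueError before it can
    reach the rendered configuration. The message never echoes the secret."""
    if not _SAFE_PASSWORD.fullmatch(password):
        raise ValueError("VRRP password contains characters that are not allowed")
    return password


def render_auth_pass_line(password):
    """Render the auth_pass line only after validation (hypothetical helper)."""
    return "auth_pass " + validate_vrrp_password(password)


if __name__ == "__main__":
    # Constructed inputs; '!aaaa' is the password from the report above.
    for candidate in ["!aaaa", "aa#bb", "two words", "s3cret-Pw"]:
        naive = config_words("auth_pass " + candidate)
        try:
            render_auth_pass_line(candidate)
            verdict = "accepted"
        except ValueError:
            verdict = "rejected at commit time"
        print("%-10s naive render parses as %r -> %s" % (candidate, naive, verdict))
```

Rejecting at commit time keeps the running keepalived instance untouched, instead of reloading it with a file it cannot parse.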

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.1
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

dmbaturin changed the task status from Open to Needs testing. Jul 18 2019, 10:43 PM
syncer changed the task status from Needs testing to Backport candidate. Aug 31 2019, 12:38 AM
syncer triaged this task as Normal priority.

Cherry-picked into crux.

dmbaturin renamed this task from "VRRP Auth Password Is Not Sanitized -" to "Incorrect handling of special characters in VRRP passwords". Sep 11 2019, 10:31 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).