Page MenuHomeVyOS Platform

Incorrect handling of special characters in VRRP passwords
Closed, ResolvedPublicBUG

Description

When you add a VRRP authentication password with special characters the text is not sanitized.
This can lead to keepalived failing to start -

root@FW:/home/vyos# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: active (running) since Wed 2019-05-01 22:25:06 CDT; 19s ago

 vyos@FW# set high-availability vrrp group eth0-200 authentication password !aaaa

vyos@FW# compare 
[edit high-availability vrrp group eth0-200 authentication]
>password !aaaa

vyos@FW# commit
[ high-availability vrrp ]
Reloading the VRRP process

vyos@FW:~$ show vrrp 
VRRP is not running

root@FW:/home/vyos# systemctl status keepalived.service -l
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: inactive (dead)

May 01 22:28:03 FW Keepalived_vrrp[30094]: (Line 17) *** Configuration line starting `auth_pass` is missing a parameter after keyword `auth_pass` at word position 2

Need to escape the password when it's put in the config, or just not allow special characters.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

dmbaturin changed the task status from Open to Needs testing.Jul 18 2019, 10:43 PM
syncer changed the task status from Needs testing to Backport candidate.Aug 31 2019, 12:38 AM
syncer triaged this task as Normal priority.

Cherry-picked into crux.

dmbaturin renamed this task from VRRP Auth Password Is Not Sanitized - to Incorrect handling of special characters in VRRP passwords.Sep 11 2019, 10:31 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).