Page MenuHomeVyOS Platform
Create Task
Maniphest T1362

Incorrect handling of special characters in VRRP passwords
Closed, ResolvedPublicBUG
Actions

Description

When you add a VRRP authentication password with special characters the text is not sanitized.
This can lead to keepalived failing to start -

root@FW:/home/vyos# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: active (running) since Wed 2019-05-01 22:25:06 CDT; 19s ago

 vyos@FW# set high-availability vrrp group eth0-200 authentication password !aaaa

vyos@FW# compare 
[edit high-availability vrrp group eth0-200 authentication]
>password !aaaa

vyos@FW# commit
[ high-availability vrrp ]
Reloading the VRRP process

vyos@FW:~$ show vrrp 
VRRP is not running

root@FW:/home/vyos# systemctl status keepalived.service -l
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: inactive (dead)

May 01 22:28:03 FW Keepalived_vrrp[30094]: (Line 17) *** Configuration line starting `auth_pass` is missing a parameter after keyword `auth_pass` at word position 2

Need to escape the password when it's put in the config, or just not allow special characters.

Details

Version
1.2.1
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

xrpixer created this task.May 2 2019, 3:36 AM
pasik subscribed.May 4 2019, 1:28 PM
dmbaturin claimed this task.Jun 22 2019, 11:52 AM
dmbaturin changed the task status from Open to Needs testing.Jul 18 2019, 10:43 PM
dmbaturin mentioned this in rVYOSONEXc0b7e14cb2ad: [VRRP] T1362: quote VRRP password strings to avoid config parse errors..Jul 19 2019, 2:43 AM
syncer closed this task as Unknown Status.Aug 31 2019, 12:38 AM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.3); removed VyOS 1.2 Crux.
dmbaturin mentioned this in rVYOSONEXd7ba46851c75: [VRRP] T1362: quote VRRP password strings to avoid config parse errors..Aug 31 2019, 12:42 AM
dmbaturin changed the task status from Unknown Status to Resolved.Aug 31 2019, 12:42 AM

Cherry-picked into crux.

syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.3) board.Aug 31 2019, 12:51 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
dmbaturin renamed this task from VRRP Auth Password Is Not Sanitized - to Incorrect handling of special characters in VRRP passwords.Sep 11 2019, 10:31 PM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:23 PM