
VRRP Auth Password Is Not Sanitized
Needs testing, Requires assessment | Public | BUG

Description

When you add a VRRP authentication password with special characters, the text is not sanitized.
This can lead to keepalived failing to start:

root@FW:/home/vyos# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: active (running) since Wed 2019-05-01 22:25:06 CDT; 19s ago

 vyos@FW# set high-availability vrrp group eth0-200 authentication password !aaaa

vyos@FW# compare 
[edit high-availability vrrp group eth0-200 authentication]
>password !aaaa

vyos@FW# commit
[ high-availability vrrp ]
Reloading the VRRP process

vyos@FW:~$ show vrrp 
VRRP is not running

root@FW:/home/vyos# systemctl status keepalived.service -l
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/lib/systemd/system/keepalived.service; disabled)
   Active: inactive (dead)

May 01 22:28:03 FW Keepalived_vrrp[30094]: (Line 17) *** Configuration line starting `auth_pass` is missing a parameter after keyword `auth_pass` at word position 2

Need to escape the password when it's put in the config, or just not allow special characters.

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.1
Why the issue appeared?: Will be filled on close
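
An added example (not part of the original report and not VyOS code) of the "do not allow special characters" option: it models why `auth_pass !aaaa` loses its parameter and rejects such passwords before the config is written. The comment model, the allow-list and the rendered block layout are assumptions made for illustration.

```python
import re

# Simplified model (assumption) of how keepalived reads a config line:
# '!' or '#' starts a comment that runs to end of line, and what is
# left is split into words on whitespace.
def keepalived_words(line):
    return re.split(r"[!#]", line, maxsplit=1)[0].split()

# Hypothetical allow-list policy: no comment starters, quotes,
# braces or whitespace can reach the generated file.
SAFE_PASSWORD = re.compile(r"[A-Za-z0-9_.@%+=:,/-]+")

def validate_auth_pass(password):
    """Return the password unchanged, or raise ValueError."""
    if not SAFE_PASSWORD.fullmatch(password):
        raise ValueError(
            "VRRP password contains characters keepalived may treat "
            "as a comment, quote or separator")
    return password

def render_auth_block(password):
    """Render an authentication block (constructed layout) for a
    validated password only."""
    pw = validate_auth_pass(password)
    line = f"        auth_pass {pw}"
    # Defence in depth: the line must still parse as keyword + value.
    if keepalived_words(line) != ["auth_pass", pw]:
        raise ValueError("rendered auth_pass line does not round-trip")
    return ("    authentication {\n"
            "        auth_type PASS\n"
            f"{line}\n"
            "    }\n")

if __name__ == "__main__":
    # The value from the report: only the keyword survives parsing.
    print(keepalived_words("auth_pass !aaaa"))
    for candidate in ("!aaaa", "s3cret-1"):  # constructed samples
        try:
            print(render_auth_block(candidate))
        except ValueError as err:
            print(f"rejected {candidate!r}: {err}")
```

Rejecting the value at commit time keeps a bad password from taking down a running VRRP instance on reload, which is the failure shown in the report.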

Event Timeline

xrpixer created this task. May 2 2019, 3:36 AM
pasik added a subscriber: pasik. May 4 2019, 1:28 PM
dmbaturin changed the task status from Open to Needs testing. Jul 18 2019, 10:43 PM