From 2734ff6bd8bcd66309f4fa1fdd866bae814d3a43 Mon Sep 17 00:00:00 2001
From: Pat Ruddy
Date: Mon, 20 Jul 2020 13:54:04 +0100
Subject: [PATCH] bgpd: do not clear password if peer is dynamic

When deleting a dynamic peer, unsetting md5 password would cause it to be unset on the listener allowing unauthenticated connections from any peer in the range. Check for dynamic peers in peer delete and avoid this.

Signed-off-by: Pat Ruddy
---
 bgpd/bgpd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index c19f707727..3056a5fe62 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -2284,9 +2284,9 @@ int peer_delete(struct peer *peer)
 /* Password configuration */
 if (CHECK_FLAG(peer->flags, PEER_FLAG_PASSWORD)) {
 XFREE(MTYPE_PEER_PASSWORD, peer->password);
-
 if (!accept_peer && !BGP_PEER_SU_UNSPEC(peer)
- && !CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP))
+ && !CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP)
+ && !CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_NEIGHBOR))
 bgp_md5_unset(peer);
 }
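Review bot: The new `PEER_FLAG_DYNAMIC_NEIGHBOR` clause in the password block of `peer_delete` carries a security invariant that is stated only in the commit message, so a later tidy-up of this three-clause condition could silently reopen the listen range to unauthenticated sessions. A why-comment directly above the `if` would pin it, e.g. `/* Dynamic neighbors rely on the MD5 key set on the listener for their range; unsetting it here would drop authentication for every peer in that range. */`. The guard also exists only at this call site: if `bgp_md5_unset()` can be reached for a dynamic peer from another path (not visible in this hunk), the same exposure would presumably apply, so it is worth auditing the other callers or moving the test into the helper itself. `peer_delete` begins and ends outside the hunk.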