proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-14 16:04:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: do not clear password if peer is dynamic

Browse Source 
When deleting a dynamic peer, unsetting md5 password would cause
it to be unset on the listener allowing unauthenticated connections
from any peer in the range.
Check for dynamic peers in peer delete and avoid this.

Signed-off-by: Pat Ruddy <pat@voltanet.io>
This commit is contained in:
Pat Ruddy 2020-07-20 13:54:04 +01:00
parent a4faae3aac
commit 2734ff6bd8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bgpd/bgpd.c
View File

@ -2284,9 +2284,9 @@ int peer_delete(struct peer *peer)
/* Password configuration */ /* Password configuration */
if (CHECK_FLAG(peer->flags, PEER_FLAG_PASSWORD)) { if (CHECK_FLAG(peer->flags, PEER_FLAG_PASSWORD)) {
XFREE(MTYPE_PEER_PASSWORD, peer->password); XFREE(MTYPE_PEER_PASSWORD, peer->password);
if (!accept_peer && !BGP_PEER_SU_UNSPEC(peer) if (!accept_peer && !BGP_PEER_SU_UNSPEC(peer)
&& !CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP)) && !CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP)
&& !CHECK_FLAG(peer->flags, PEER_FLAG_DYNAMIC_NEIGHBOR))
bgp_md5_unset(peer); bgp_md5_unset(peer);
} }