summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nhrpd/nhrp_peer.c49
-rw-r--r--nhrpd/nhrp_protocol.h1
-rw-r--r--nhrpd/nhrp_vty.c1
3 files changed, 42 insertions, 9 deletions
diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
index d2c1a8c401..fa11980c18 100644
--- a/nhrpd/nhrp_peer.c
+++ b/nhrpd/nhrp_peer.c
@@ -1169,22 +1169,55 @@ static bool nhrp_connection_authorized(struct nhrp_packet_parser *pp)
struct nhrp_extension_header *ext;
struct zbuf *extensions, pl;
int cmp = 1;
+ int pl_pass_length, auth_pass_length;
+ size_t auth_size, pl_size;
extensions = zbuf_alloc(zbuf_used(&pp->extensions));
zbuf_copy_peek(extensions, &pp->extensions, zbuf_used(&pp->extensions));
while ((ext = nhrp_ext_pull(extensions, &pl)) != NULL) {
switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) {
case NHRP_EXTENSION_AUTHENTICATION:
- cmp = memcmp(auth->buf, pl.buf, zbuf_size(auth));
+ /* Size of authentication extensions
+ * (varies based on password length)
+ */
+ auth_size = zbuf_size(auth);
+ pl_size = zbuf_size(&pl);
auth_ext = (struct nhrp_cisco_authentication_extension *)
auth->buf;
- debugf(NHRP_DEBUG_COMMON,
- "Processing Authentication Extension for (%s:%s|%d)",
- auth_ext->secret,
- ((struct nhrp_cisco_authentication_extension *)
- pl.buf)
- ->secret,
- cmp);
+
+ if (auth_size == pl_size)
+ cmp = memcmp(auth_ext, pl.buf, auth_size);
+ else
+ cmp = 1;
+
+ if (unlikely(debug_flags & NHRP_DEBUG_COMMON)) {
+ /* 4 bytes in nhrp_cisco_authentication_extension are allocated
+ * toward the authentication type. The remaining bytes are used for the
+ * password - so the password length is just the length of the extension - 4
+ */
+ auth_pass_length = (auth_size - 4);
+ pl_pass_length = (pl_size - 4);
+ /* Because characters are to be printed in HEX, (2* the max pass length) + 1
+ * is needed for the string representation
+ */
+ char auth_pass[(2 * NHRP_CISCO_PASS_LEN) + 1] = { 0 },
+ pl_pass[(2 * NHRP_CISCO_PASS_LEN) + 1] = { 0 };
+ /* Converting bytes in buffer to HEX and saving output as a string -
+ * Passphrase is converted to HEX in order to avoid printing
+ * non ACII-compliant characters
+ */
+ for (int i = 0; i < (auth_pass_length); i++)
+ snprintf(auth_pass + (i * 2), 3, "%02X",
+ auth_ext->secret[i]);
+ for (int i = 0; i < (pl_pass_length); i++)
+ snprintf(pl_pass + (i * 2), 3, "%02X",
+ ((struct nhrp_cisco_authentication_extension *)pl.buf)
+ ->secret[i]);
+
+ debugf(NHRP_DEBUG_COMMON,
+ "Processing Authentication Extension for (%s:%s|%d)",
+ auth_pass, pl_pass, cmp);
+ }
break;
default:
/* Ignoring all received extensions except Authentication*/
diff --git a/nhrpd/nhrp_protocol.h b/nhrpd/nhrp_protocol.h
index 8cf1ebbcd6..a4fb315b0e 100644
--- a/nhrpd/nhrp_protocol.h
+++ b/nhrpd/nhrp_protocol.h
@@ -73,6 +73,7 @@
/* NHRP Authentication extension types (ala Cisco) */
#define NHRP_AUTHENTICATION_PLAINTEXT 0x00000001
+#define NHRP_CISCO_PASS_LEN 8
/* NHRP Packet Structures */
struct nhrp_packet_header {
diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c
index f202576960..199f4d75d4 100644
--- a/nhrpd/nhrp_vty.c
+++ b/nhrpd/nhrp_vty.c
@@ -467,7 +467,6 @@ DEFUN(if_no_nhrp_holdtime, if_no_nhrp_holdtime_cmd,
return CMD_SUCCESS;
}
-#define NHRP_CISCO_PASS_LEN 8
DEFPY(if_nhrp_authentication, if_nhrp_authentication_cmd,
AFI_CMD "nhrp authentication PASSWORD$password",
AFI_STR