BFD: Fix crash related to reconfiguration and passwords

Any change in BFD iface configuration should trigger session
reconfiguration, as config is copied into the bfd_session structure
and not just accessed through the bfd_iface structure.

As bfd_session now contains a pointer to the password list allocated
from the configuration, forgetting to update the bfd_session causes
use-after-free.

Thanks to Lexi Winter for the bugreport.

diff --git a/proto/bfd/bfd.c b/proto/bfd/bfd.c
index a4d186ec07fef8e6de787ef070fed9d955c36dbf..b678a0e5bbe03b06e6cf4dd1b656314880386791 100644 (file)
--- a/proto/bfd/bfd.c
+++ b/proto/bfd/bfd.c
@@ -657,13 +657,15 @@ bfd_reconfigure_iface(struct bfd_proto *p, struct bfd_iface *ifa, struct bfd_con
   struct bfd_iface_config *new = bfd_find_iface_config(nc, ifa->iface);
   struct bfd_iface_config *old = ifa->cf;
 
-  /* Check options that are handled in bfd_reconfigure_session() */
+  /* Any configuration change should trigger bfd_reconfigure_session() */
   ifa->changed =
     (new->min_rx_int != old->min_rx_int) ||
     (new->min_tx_int != old->min_tx_int) ||
     (new->idle_tx_int != old->idle_tx_int) ||
     (new->multiplier != old->multiplier) ||
-    (new->passive != old->passive);
+    (new->passive != old->passive) ||
+    (new->auth_type != old->auth_type) ||
+    (new->passwords != old->passwords);
 
   /* This should be probably changed to not access ifa->cf from the BFD thread */
   birdloop_enter(p->loop);