From 509d0f3b8cd1f8a6ed2ae0e00257349ba9b9f942 Mon Sep 17 00:00:00 2001
From: Ondrej Zajicek
Date: Thu, 27 Mar 2025 17:43:56 +0100
Subject: [PATCH] BFD: Fix crash related to reconfiguration and passwords
Any change in BFD iface configuration should trigger session reconfiguration, as config is copied into the bfd_session structure and not just accessed through the bfd_iface structure. As bfd_session now contains a pointer to the password list allocated from the configuration, forgetting to update the bfd_session causes use-after-free. Thanks to Lexi Winter for the bugreport.
---
 proto/bfd/bfd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/proto/bfd/bfd.c b/proto/bfd/bfd.c
index a4d186ec0..b678a0e5b 100644
--- a/proto/bfd/bfd.c
+++ b/proto/bfd/bfd.c
@@ -657,13 +657,15 @@ bfd_reconfigure_iface(struct bfd_proto *p, struct bfd_iface *ifa, struct bfd_con
 struct bfd_iface_config *new = bfd_find_iface_config(nc, ifa->iface);
 struct bfd_iface_config *old = ifa->cf;
- /* Check options that are handled in bfd_reconfigure_session() */
+ /* Any configuration change should trigger bfd_reconfigure_session() */
 ifa->changed =
 (new->min_rx_int != old->min_rx_int) ||
 (new->min_tx_int != old->min_tx_int) ||
 (new->idle_tx_int != old->idle_tx_int) ||
 (new->multiplier != old->multiplier) ||
- (new->passive != old->passive);
+ (new->passive != old->passive) ||
+ (new->auth_type != old->auth_type) ||
+ (new->passwords != old->passwords);
 /* This should be probably changed to not access ifa->cf from the BFD thread */
 birdloop_enter(p->loop);
-- 
2.47.2
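Review bot: The `new->passwords != old->passwords` term in the `ifa->changed` expression compares list pointers rather than contents, and nothing at that line says this is deliberate. Going by the commit message, bfd_session keeps a pointer into configuration-owned memory, so identity looks like the right test: the session has to pick up a reallocated list even when the passwords themselves are unchanged. I would add a comment there such as `/* Pointer comparison is intentional: sessions keep this pointer, so a reallocated list must be propagated even if its contents are equal */`, so that a later switch to a content comparison does not bring the use-after-free back. The compared fields are also listed by hand, so any field later added to bfd_iface_config and copied into the session would need a matching term here; the struct definition and the rest of bfd_reconfigure_iface lie outside this hunk.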