diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-28 01:36:57 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-28 01:36:57 +0000 |
| commit | 175a5890da1fc943fb85ed8895c055977ae6949d (patch) | |
| tree | d3a33ee87beaa9f72d652f5068e076d70789dd07 | |
| parent | 01164a7ce77b6692f3413178a1d364ebd63cd639 (diff) | |
prevent multiple auth methods to be specified
| -rw-r--r-- | usr.sbin/bgpd/parse.y | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index f70545d1abb..3856d48178f 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.93 2004/04/28 00:38:39 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.94 2004/04/28 01:36:56 henning Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -507,6 +507,10 @@ peeropts : REMOTEAS asnumber { curpeer->conf.max_prefix = $2; } | TCP MD5SIG PASSWORD string { + if (curpeer->conf.auth.method) { + yyerror("auth method cannot be redefined"); + YYERROR; + } if (strlcpy(curpeer->conf.auth.md5key, $4, sizeof(curpeer->conf.auth.md5key)) >= sizeof(curpeer->conf.auth.md5key)) { @@ -522,6 +526,10 @@ peeropts : REMOTEAS asnumber { unsigned i; char s[3]; + if (curpeer->conf.auth.method) { + yyerror("auth method cannot be redefined"); + YYERROR; + } if (strlen($4) / 2 >= sizeof(curpeer->conf.auth.md5key)) { yyerror("key too long"); @@ -551,6 +559,10 @@ peeropts : REMOTEAS asnumber { free($4); } | IPSEC IKE { + if (curpeer->conf.auth.method) { + yyerror("auth method cannot be redefined"); + YYERROR; + } curpeer->conf.auth.method = AUTH_IPSEC_IKE; } | IPSEC ESP inout SPI number STRING STRING encspec { @@ -559,6 +571,10 @@ peeropts : REMOTEAS asnumber { u_int32_t auth_alg; u_int8_t keylen; + if (curpeer->conf.auth.method) { + yyerror("auth method cannot be redefined"); + YYERROR; + } curpeer->conf.auth.method = AUTH_IPSEC_MANUAL_ESP; if (!strcmp($6, "sha1")) { |