
PATCH: fix privilege support for bgpd
Hello,

This patch fixes privilege support for bgp. When bgpd tries to bind to a
socket it raises its privileges. If the bind fails, the original privileges are
not restored. This happens, for example, on Linux with IPv6, when after the first
successful bind to ::, the second bind to 0.0.0.0 fails.


diff -Nur quagga-0.96.4-orig/bgpd/bgp_network.c quagga-0.96.4/bgpd/bgp_network.c
--- quagga-0.96.4-orig/bgpd/bgp_network.c Wed Jun 4 15:59:38 2003
+++ quagga-0.96.4/bgpd/bgp_network.c Sun Nov 9 16:26:56 2003
@@ -279,7 +279,7 @@
int
bgp_socket (struct bgp *bgp, unsigned short port)
{
- int ret;
+ int ret, en;
struct addrinfo req;
struct addrinfo *ainfo;
struct addrinfo *ainfo_save;
@@ -322,16 +322,17 @@
zlog_err ("bgp_socket: could not raise privs");

ret = bind (sock, ainfo->ai_addr, ainfo->ai_addrlen);
+ en = errno;
+ if (bgpd_privs.change (ZPRIVS_LOWER) )
+ zlog_err ("bgp_bind_address: could not lower privs");
+
if (ret < 0)
{
- zlog_err ("bind: %s", strerror (errno));
- close (sock);
+ zlog_err ("bind: %s", strerror (en));
+ close(sock);
continue;
}

- if (bgpd_privs.change (ZPRIVS_LOWER) )
- zlog_err ("bgp_bind_address: could not lower privs");
-
ret = listen (sock, 3);
if (ret < 0)
{
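Review bot: A failed `bgpd_privs.change (ZPRIVS_LOWER)` after `bind()` is only logged, so execution continues to `listen()` or to the next address while the process may still hold raised privileges; the same applies to the second bind site in the `@@ -381` hunk. Since the purpose of this patch is that privileges never stay raised past the bind, a failure to lower them should stop socket setup, e.g. `if (bgpd_privs.change (ZPRIVS_LOWER)) { zlog_err ("bgp_socket: could not lower privs"); close (sock); return -1; }`, with any addrinfo cleanup that the surrounding code needs before returning. The message in this hunk also says `bgp_bind_address` while the raise message two lines above it says `bgp_socket`; using the same prefix keeps the log pointing at the right function. The enclosing function starts and ends outside the hunk, so the exact error path is inferred.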
@@ -381,16 +382,18 @@
zlog_err ("bgp_socket: could not raise privs");

ret = bind (sock, (struct sockaddr *) &sin, socklen);
+ en = errno;
+
+ if (bgpd_privs.change (ZPRIVS_LOWER) )
+ zlog_err ("bgp_socket: could not lower privs");
+
if (ret < 0)
{
- zlog_err ("bind: %s", strerror (errno));
+ zlog_err ("bind: %s", strerror (en));
close (sock);
return ret;
}

- if (bgpd_privs.change (ZPRIVS_LOWER) )
- zlog_err ("bgp_socket: could not lower privs");
-
ret = listen (sock, 3);
if (ret < 0)
{


Best regards,

Krzysztof Olędzki