artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e59245c) | patch
rpki-client: disallow empty sets of IP Addresses or AS numbers
authortb <tb@openbsd.org>
Fri, 23 Jun 2023 07:26:21 +0000 (07:26 +0000)
committertb <tb@openbsd.org>
Fri, 23 Jun 2023 07:26:21 +0000 (07:26 +0000)
commit26660650b9a0e3e3ff15ad045e8981d12325e03a
tree5be66c0344038497b39ed27a9bf8fa93740ada1ctree | snapshot
parente59245c00239d48c9433418b1b7f787427b231b6commit | diff
rpki-client: disallow empty sets of IP Addresses or AS numbers

RFC 3779 doesn't say anything about empty lists of IP addresses and AS
numbers. Of course the RFC 3779 code in libcrypto implements a check for
empty lists for AS numbers but fails to do so for IP addresses...

While RFC 6487 is explicit about disallowing empty lists of IP addresses,
it is not explicit about disallowing empty ipAddressesOrRanges, but that
seems to be the intent.

Found with BBN test corpora

ok job
usr.sbin/rpki-client/cert.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim