artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 310fe3a) | patch
Length check URI before strncasecmp()
authortb <tb@openbsd.org>
Wed, 2 Nov 2022 11:28:36 +0000 (11:28 +0000)
committertb <tb@openbsd.org>
Wed, 2 Nov 2022 11:28:36 +0000 (11:28 +0000)
commit3b405428c938f2c0c4fa4849c56380774b3c1043
treed42dfdcba881e88365825649ab800ee7aec774dctree | snapshot
parent310fe3aba1b3d78dd4e75edea76be42cd7cdb224commit | diff
Length check URI before strncasecmp()

A priori URI is not NUL terminated, so we should first check it is long
enough before comparing it against proto. As a side effect, this now
rejects "https://" and "rsync://", which are invalid due to the missing
host in the authority section.

ok claudio
usr.sbin/rpki-client/validate.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim