-/* $OpenBSD: extern.h,v 1.114 2022/01/23 12:09:24 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.115 2022/01/24 17:29:37 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
size_t);
struct mft *mft_read(struct ibuf *);
enum rtype rtype_from_file_extension(const char *);
-enum rtype rtype_from_mftfile(const char *);
void roa_buffer(struct ibuf *, const struct roa *);
void roa_free(struct roa *);
-/* $OpenBSD: mft.c,v 1.50 2022/01/22 09:18:48 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.51 2022/01/24 17:29:37 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
/*
* Validate that a filename listed on a Manifest only contains characters
- * permitted in draft-ietf-sidrops-6486bis section 4.2.2 and check that
- * it's a CER, CRL, GBR or a ROA.
- * Returns corresponding rtype or RTYPE_INVALID on error.
+ * permitted in draft-ietf-sidrops-6486bis section 4.2.2
*/
-enum rtype
-rtype_from_mftfile(const char *fn)
+static int
+valid_filename(const char *fn, size_t len)
{
- const unsigned char *c;
- enum rtype type;
+ const unsigned char *c;
+ size_t i;
- for (c = fn; *c != '\0'; ++c)
+ for (c = fn, i = 0; i < len; i++, c++)
if (!isalnum(*c) && *c != '-' && *c != '_' && *c != '.')
- return RTYPE_INVALID;
+ return 0;
- if (strchr(fn, '.') != strrchr(fn, '.'))
- return RTYPE_INVALID;
+ c = memchr(fn, '.', len);
+ if (c == NULL || c != memrchr(fn, '.', len))
+ return 0;
+
+ return 1;
+}
+
+/*
+ * Check that the file is a CER, CRL, GBR or a ROA.
+ * Returns corresponding rtype or RTYPE_INVALID on error.
+ */
+static enum rtype
+rtype_from_mftfile(const char *fn)
+{
+ enum rtype type;
type = rtype_from_file_extension(fn);
switch (type) {
ASN1_SEQUENCE_ANY *seq;
const ASN1_TYPE *file, *hash;
char *fn = NULL;
- enum rtype type;
const unsigned char *d = os->data;
size_t dsz = os->length;
int rc = 0;
p->fn, ASN1_tag2str(file->type), file->type);
goto out;
}
+ if (!valid_filename(file->value.ia5string->data,
+ file->value.ia5string->length)) {
+ warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn);
+ goto out;
+ }
fn = strndup((const char *)file->value.ia5string->data,
file->value.ia5string->length);
if (fn == NULL)
err(1, NULL);
- if ((type = rtype_from_mftfile(fn)) == RTYPE_INVALID) {
- warnx("%s: invalid filename: %s", p->fn, fn);
- goto out;
- }
-
/* Now hash value. */
hash = sk_ASN1_TYPE_value(seq, 1);
/* Insert the filename and hash value. */
fent = &p->res->files[p->res->filesz++];
+ fent->type = rtype_from_mftfile(fn);
fent->file = fn;
- fent->type = type;
fn = NULL;
memcpy(fent->hash, hash->value.bit_string->data, SHA256_DIGEST_LENGTH);
-/* $OpenBSD: parser.c,v 1.53 2022/01/23 12:09:24 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.54 2022/01/24 17:29:37 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
proc_parser_mft_check(const char *fn, struct mft *p)
{
size_t i;
- int fd, try, rc = 1;
- char *h, *path;
+ int rc = 1;
+ char *path;
for (i = 0; i < p->filesz; i++) {
const struct mftfile *m = &p->files[i];
- if (rtype_from_mftfile(m->file) == RTYPE_INVALID) {
- if (base64_encode(m->hash, sizeof(m->hash), &h) == -1)
- errx(1, "base64_encode failed in %s", __func__);
- warnx("%s: unsupported filename for %s", fn, h);
- free(h);
- continue;
- }
+ int fd = -1, try = 0;
- fd = -1;
- try = 0;
path = NULL;
do {
free(path);
projects / openbsd / commitdiff