Introduce ip_addr_range_print() to avoid code repetition

OK tb@

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index dbef64d..8420d0f 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.189 2023/09/12 09:33:30 job Exp $ */
+/*     $OpenBSD: extern.h,v 1.190 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -708,6 +708,8 @@ int          ip_addr_parse(const ASN1_BIT_STRING *,
                        enum afi, const char *, struct ip_addr *);
 void            ip_addr_print(const struct ip_addr *, enum afi, char *,
                        size_t);
+void            ip_addr_range_print(const struct ip_addr_range *, enum afi,
+                       char *, size_t);
 int             ip_addr_cmp(const struct ip_addr *, const struct ip_addr *);
 int             ip_addr_check_overlap(const struct cert_ip *,
                        const char *, const struct cert_ip *, size_t);

diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index 89c3088..f5ff23b 100644 (file)
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip.c,v 1.27 2022/11/29 20:41:32 job Exp $ */
+/*     $OpenBSD: ip.c,v 1.28 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -253,6 +253,38 @@ ip_addr_print(const struct ip_addr *addr,
                err(1, "malformed IP address");
 }
 
+/*
+ * Convert a ip_addr into a NUL-terminated range notation string.
+ * The size of the buffer must be at least 95 (inclusive).
+ */
+void
+ip_addr_range_print(const struct ip_addr_range *range,
+    enum afi afi, char *buf, size_t bufsz)
+{
+       char min[INET6_ADDRSTRLEN], max[INET6_ADDRSTRLEN];
+       int ret, af;
+
+       switch (afi) {
+       case AFI_IPV4:
+               af = AF_INET;
+               break;
+       case AFI_IPV6:
+               af = AF_INET6;
+               break;
+       default:
+               errx(1, "unsupported address family identifier");
+       }
+
+       if (inet_ntop(af, &range->min, min, sizeof(min)) == NULL)
+               err(1, "inet_ntop");
+       if (inet_ntop(af, &range->max, max, sizeof(max)) == NULL)
+               err(1, "inet_ntop");
+
+       ret = snprintf(buf, bufsz, "%s--%s", min, max);
+       if (ret < 0 || (size_t)ret >= bufsz)
+               err(1, "malformed IP address");
+}
+
 /*
  * Given the addresses (range or IP) in cert_ip, fill in the "min" and
  * "max" fields with the minimum and maximum possible IP addresses given

diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index d934f2c..1638c28 100644 (file)
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */
+/*     $OpenBSD: validate.c,v 1.67 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -135,48 +135,63 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
 {
        size_t           i;
        uint32_t         min, max;
-       char             buf1[64], buf2[64];
+       char             buf[128];
 
        for (i = 0; i < cert->asz; i++) {
                if (cert->as[i].type == CERT_AS_INHERIT)
                        continue;
-               min = cert->as[i].type == CERT_AS_ID ?
-                   cert->as[i].id : cert->as[i].range.min;
-               max = cert->as[i].type == CERT_AS_ID ?
-                   cert->as[i].id : cert->as[i].range.max;
+
+               if (cert->as[i].type == CERT_AS_ID) {
+                       min = cert->as[i].id;
+                       max = cert->as[i].id;
+               } else {
+                       min = cert->as[i].range.min;
+                       max = cert->as[i].range.max;
+               }
+
                if (valid_as(a, min, max))
                        continue;
-               warnx("%s: RFC 6487: uncovered AS: "
-                   "%u--%u", fn, min, max);
+
+               switch (cert->as[i].type) {
+               case CERT_AS_ID:
+                       warnx("%s: RFC 6487: uncovered AS: %u", fn, min);
+                       break;
+               case CERT_AS_RANGE:
+                       warnx("%s: RFC 6487: uncovered AS: %u--%u", fn,
+                           min, max);
+                       break;
+               case CERT_AS_INHERIT:
+                       warnx("%s: RFC 6487: uncovered AS: (inherit)", fn);
+                       break;
+               }
+
                return 0;
        }
 
        for (i = 0; i < cert->ipsz; i++) {
                if (cert->ips[i].type == CERT_IP_INHERIT)
                        continue;
+
                if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min,
                    cert->ips[i].max))
                        continue;
+
                switch (cert->ips[i].type) {
-               case CERT_IP_RANGE:
-                       ip_addr_print(&cert->ips[i].range.min,
-                           cert->ips[i].afi, buf1, sizeof(buf1));
-                       ip_addr_print(&cert->ips[i].range.max,
-                           cert->ips[i].afi, buf2, sizeof(buf2));
-                       warnx("%s: RFC 6487: uncovered IP: "
-                           "%s--%s", fn, buf1, buf2);
-                       break;
                case CERT_IP_ADDR:
                        ip_addr_print(&cert->ips[i].ip,
-                           cert->ips[i].afi, buf1, sizeof(buf1));
-                       warnx("%s: RFC 6487: uncovered IP: "
-                           "%s", fn, buf1);
+                           cert->ips[i].afi, buf, sizeof(buf));
+                       warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
+                       break;
+               case CERT_IP_RANGE:
+                       ip_addr_range_print(&cert->ips[i].range,
+                           cert->ips[i].afi, buf, sizeof(buf));
+                       warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
                        break;
                case CERT_IP_INHERIT:
-                       warnx("%s: RFC 6487: uncovered IP: "
-                           "(inherit)", fn);
+                       warnx("%s: RFC 6487: uncovered IP: (inherit)", fn);
                        break;
                }
+
                return 0;
        }
 
@@ -458,25 +473,28 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
 {
        size_t          i;
        uint32_t        min, max;
-       char            buf1[64], buf2[64];
+       char            buf[128];
 
        for (i = 0; i < rsc->asz; i++) {
-               min = rsc->as[i].type == CERT_AS_RANGE ? rsc->as[i].range.min
-                   : rsc->as[i].id;
-               max = rsc->as[i].type == CERT_AS_RANGE ? rsc->as[i].range.max
-                   : rsc->as[i].id;
+               if (rsc->as[i].type == CERT_AS_ID) {
+                       min = rsc->as[i].id;
+                       max = rsc->as[i].id;
+               } else {
+                       min = rsc->as[i].range.min;
+                       max = rsc->as[i].range.max;
+               }
 
                if (as_check_covered(min, max, cert->as, cert->asz) > 0)
                        continue;
 
                switch (rsc->as[i].type) {
                case CERT_AS_ID:
-                       warnx("%s: RSC resourceBlock: uncovered AS Identifier: "
-                           "%u", fn, rsc->as[i].id);
+                       warnx("%s: RSC resourceBlock: uncovered AS: %u", fn,
+                           min);
                        break;
                case CERT_AS_RANGE:
-                       warnx("%s: RSC resourceBlock: uncovered AS Range: "
-                           "%u--%u", fn, min, max);
+                       warnx("%s: RSC resourceBlock: uncovered AS: %u--%u",
+                           fn, min, max);
                        break;
                default:
                        break;
@@ -490,19 +508,17 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
                        continue;
 
                switch (rsc->ips[i].type) {
-               case CERT_IP_RANGE:
-                       ip_addr_print(&rsc->ips[i].range.min,
-                           rsc->ips[i].afi, buf1, sizeof(buf1));
-                       ip_addr_print(&rsc->ips[i].range.max,
-                           rsc->ips[i].afi, buf2, sizeof(buf2));
-                       warnx("%s: RSC ResourceBlock: uncovered IP Range: "
-                           "%s--%s", fn, buf1, buf2);
-                       break;
                case CERT_IP_ADDR:
-                       ip_addr_print(&rsc->ips[i].ip,
-                           rsc->ips[i].afi, buf1, sizeof(buf1));
-                       warnx("%s: RSC ResourceBlock: uncovered IP: "
-                           "%s", fn, buf1);
+                       ip_addr_print(&rsc->ips[i].ip, rsc->ips[i].afi, buf,
+                           sizeof(buf));
+                       warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
+                           buf);
+                       break;
+               case CERT_IP_RANGE:
+                       ip_addr_range_print(&rsc->ips[i].range, rsc->ips[i].afi,
+                           buf, sizeof(buf));
+                       warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
+                           buf);
                        break;
                default:
                        break;