as the notification file.
OK tb@ job@
-/* $OpenBSD: extern.h,v 1.85 2021/10/28 13:51:42 job Exp $ */
+/* $OpenBSD: extern.h,v 1.86 2021/10/29 09:27:36 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
int valid_filename(const char *);
int valid_filehash(const char *, const char *, size_t);
int valid_uri(const char *, size_t, const char *);
+int valid_origin(const char *, const char *);
/* Working with CMS. */
unsigned char *cms_parse_validate(X509 **, const char *,
-/* $OpenBSD: rrdp.c,v 1.16 2021/10/28 11:57:00 claudio Exp $ */
+/* $OpenBSD: rrdp.c,v 1.17 2021/10/29 09:27:36 claudio Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
if ((s->parser = XML_ParserCreate("US-ASCII")) == NULL)
err(1, "XML_ParserCreate");
- s->nxml = new_notification_xml(s->parser, &s->repository, &s->current);
+ s->nxml = new_notification_xml(s->parser, &s->repository, &s->current,
+ notify);
TAILQ_INSERT_TAIL(&states, s, entry);
-/* $OpenBSD: rrdp.h,v 1.5 2021/10/28 11:57:00 claudio Exp $ */
+/* $OpenBSD: rrdp.h,v 1.6 2021/10/29 09:27:36 claudio Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
struct notification_xml;
struct notification_xml *new_notification_xml(XML_Parser,
- struct rrdp_session *, struct rrdp_session *);
+ struct rrdp_session *, struct rrdp_session *,
+ const char *);
void free_notification_xml(struct notification_xml *);
enum rrdp_task notification_done(struct notification_xml *,
char *);
-/* $OpenBSD: rrdp_notification.c,v 1.8 2021/10/24 17:16:09 claudio Exp $ */
+/* $OpenBSD: rrdp_notification.c,v 1.9 2021/10/29 09:27:36 claudio Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
XML_Parser parser;
struct rrdp_session *repository;
struct rrdp_session *current;
+ const char *notifyuri;
char *session_id;
char *snapshot_uri;
char snapshot_hash[SHA256_DIGEST_LENGTH];
for (i = 0; attr[i]; i += 2) {
if (strcmp("uri", attr[i]) == 0 && hasUri++ == 0) {
if (valid_uri(attr[i + 1], strlen(attr[i + 1]),
- "https://")) {
+ "https://") &&
+ valid_origin(attr[i + 1], nxml->notifyuri)) {
nxml->snapshot_uri = xstrdup(attr[i + 1]);
continue;
}
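Review bot: A snapshot URI that is well-formed but on a different origin is rejected through the same path as a malformed one, because `valid_uri(...) && valid_origin(...)` share one condition in the `uri` attribute test; the delta hunk that follows has the same shape. The code reached after the `continue` is outside this hunk, so the diagnostic is not visible here, but if it is a generic attribute failure the operator cannot tell a syntax error from a notification file that references a foreign host. Consider testing `valid_origin` on its own and logging the mismatch before failing, for example `warnx("%s: snapshot uri %s not on notification origin", nxml->notifyuri, attr[i + 1]);`, so that the event can be alerted on.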
for (i = 0; attr[i]; i += 2) {
if (strcmp("uri", attr[i]) == 0 && hasUri++ == 0) {
if (valid_uri(attr[i + 1], strlen(attr[i + 1]),
- "https://")) {
+ "https://") &&
+ valid_origin(attr[i + 1], nxml->notifyuri)) {
delta_uri = attr[i + 1];
continue;
}
struct notification_xml *
new_notification_xml(XML_Parser p, struct rrdp_session *repository,
- struct rrdp_session *current)
+ struct rrdp_session *current, const char *notifyuri)
{
struct notification_xml *nxml;
nxml->parser = p;
nxml->repository = repository;
nxml->current = current;
+ nxml->notifyuri = notifyuri;
XML_SetElementHandler(nxml->parser, notification_xml_elem_start,
notification_xml_elem_end);
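Review bot: `nxml->notifyuri = notifyuri;` stores the caller's pointer rather than a copy, so the string has to stay allocated for as long as the notification_xml object is parsed. The rrdp.c call site passes `notify`, whose ownership is not visible in this diff. The field is also handed straight to `valid_origin`, which calls `strstr(proto, "://")` with no NULL check, so it must never be NULL. I would document both on the struct member, e.g. `const char *notifyuri; /* borrowed from caller, non-NULL, not freed here */`. The function body starts and ends outside this hunk.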
-/* $OpenBSD: validate.c,v 1.19 2021/10/27 21:56:58 beck Exp $ */
+/* $OpenBSD: validate.c,v 1.20 2021/10/29 09:27:36 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
return 1;
}
+
+/*
+ * Validate that a URI has the same host as the URI passed in proto.
+ * Returns 1 if valid, 0 otherwise.
+ */
+int
+valid_origin(const char *uri, const char *proto)
+{
+ const char *to;
+
+ /* extract end of host from proto URI */
+ to = strstr(proto, "://");
+ if (to == NULL)
+ return 0;
+ to += strlen("://");
+ if ((to = strchr(to, '/')) == NULL)
+ return 0;
+
+ /* compare hosts including the / for the start of the path section */
+ if (strncasecmp(uri, proto, to - proto + 1) != 0)
+ return 0;
+
+ return 1;
+}
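Review bot: The header comment says "same host", but `strncasecmp(uri, proto, to - proto + 1)` compares from the first byte of `proto` through the first `/` after `://`, so the scheme and the whole authority (any port or userinfo included) must match, not just the host. That is the stricter, fail-closed behaviour and should be stated, e.g. `Validate that uri has the same scheme and authority (host and any port) as the reference URI in proto.` It is also worth saying in the inline comment that including the trailing `/` is what keeps a longer hostname that merely begins with the reference host from matching. The parameter name `proto` is confusing next to `valid_uri`, where the same-named argument is a scheme prefix such as `"https://"`; here it is a complete URI, so a name like `ref` would read better. Finally, note in the comment that `proto` must be non-NULL, since it goes to `strstr` unchecked.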