Fix unused bits handling for ip addresses

If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the
flags represent the unused bits. Other flags have nothing to with
lengths, so stop interpreting them as such and throwing strange errors.

ok claudio

diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index a14aad3..4bb94e2 100644 (file)
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip.c,v 1.22 2022/05/11 18:48:35 tb Exp $ */
+/*     $OpenBSD: ip.c,v 1.23 2022/05/13 06:18:21 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -189,17 +189,9 @@ ip_addr_parse(const ASN1_BIT_STRING *p,
        /* Weird OpenSSL-ism to get unused bit count. */
 
        if ((p->flags & ASN1_STRING_FLAG_BITS_LEFT))
-               unused = p->flags & ~ASN1_STRING_FLAG_BITS_LEFT;
+               unused = p->flags & 0x07;
 
-       if (unused < 0) {
-               warnx("%s: RFC 3779 section 2.2.3.8: "
-                   "unused bit count must be non-negative", fn);
-               return 0;
-       } else if (unused >= 8) {
-               warnx("%s: RFC 3779 section 2.2.3.8: "
-                   "unused bit count must mask an unsigned char", fn);
-               return 0;
-       } else if (p->length == 0 && unused != 0) {
+       if (p->length == 0 && unused != 0) {
                warnx("%s: RFC 3779 section 2.2.3.8: "
                    "unused bit count must be zero if length is zero", fn);
                return 0;