author claudio <claudio@openbsd.org>
Thu, 11 May 2023 14:05:31 +0000 (14:05 +0000)
committer claudio <claudio@openbsd.org>
Thu, 11 May 2023 14:05:31 +0000 (14:05 +0000)

In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT.

Without this, inheritance of IP address resources does not work. Problem
noticed by Ties de Kock (tdekock (at) ripe.net)

OK job@ tb@ benno@

usr.sbin/rpki-client/validate.c

index 7a8af6e..ef0bc7f 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: validate.c,v 1.60 2023/05/09 10:34:32 tb Exp $ */
+/*     $OpenBSD: validate.c,v 1.61 2023/05/11 14:05:31 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -152,6 +152,8 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
        }
 
        for (i = 0; i < cert->ipsz; i++) {
+               if (cert->ips[i].type == CERT_IP_INHERIT)
+                       continue;
                if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min,
                    cert->ips[i].max))
                        continue;
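
Review bot: The new `CERT_IP_INHERIT` test at the top of the `for` loop carries no comment explaining why an inherit entry may bypass `valid_ip()`, and the skip never consults `a`. A short comment above the `if`, saying that inherit entries have no `min`/`max` of their own to compare and that their coverage comes from the issuer, would keep a later reader from treating the `continue` as an accidental hole in the containment check. It is also worth confirming that some other path rejects a certificate that inherits an address family for which no ancestor in `a` holds any resources, since this loop now accepts such an entry unconditionally. The commit message says the inheritance case did not work before this change, so a regression test with a certificate that inherits its IP resources would be a useful companion to the fix.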