From: tb <tb@openbsd.org>
Date: Tue, 23 May 2023 06:42:08 +0000 (+0000)
Subject: Convert ASN1_INTEGER_get() to ASN1_INTEGER_get_uint64()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=331e816c912fe7c8e64f80bf4aee973d4e689d0d;p=openbsd

Convert ASN1_INTEGER_get() to ASN1_INTEGER_get_uint64()

The former is broken by design and should not be used. The latter allows
for unambiguous error checking. Add a few casts to print uint64_t without
the PRIu64 monstrosity.

ok claudio
---

diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 705208cbd2d..206cd011932 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: roa.c,v 1.66 2023/04/26 16:32:41 claudio Exp $ */
+/*	$OpenBSD: roa.c,v 1.67 2023/05/23 06:42:08 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -107,7 +107,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 	int				 addrsz;
 	enum afi			 afi;
 	const ROAIPAddress		*addr;
-	long				 maxlen;
+	uint64_t			 maxlen;
 	struct ip_addr			 ipaddr;
 	struct roa_ip			*res;
 	int				 ipaddrblocksz;
@@ -168,21 +168,23 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 			maxlen = ipaddr.prefixlen;
 
 			if (addr->maxLength != NULL) {
-				maxlen = ASN1_INTEGER_get(addr->maxLength);
-				if (maxlen < 0) {
+				if (!ASN1_INTEGER_get_uint64(&maxlen,
+				    addr->maxLength)) {
 					warnx("%s: RFC 6482 section 3.2: "
-					    "ASN1_INTEGER_get failed", p->fn);
+					    "ASN1_INTEGER_get_uint64 failed",
+					    p->fn);
 					goto out;
 				}
 				if (ipaddr.prefixlen > maxlen) {
 					warnx("%s: prefixlen (%d) larger than "
-					    "maxLength (%ld)", p->fn,
-					    ipaddr.prefixlen, maxlen);
+					    "maxLength (%llu)", p->fn,
+					    ipaddr.prefixlen,
+					    (unsigned long long)maxlen);
 					goto out;
 				}
 				if (maxlen > ((afi == AFI_IPV4) ? 32 : 128)) {
-					warnx("%s: maxLength (%ld) too large",
-					    p->fn, maxlen);
+					warnx("%s: maxLength (%llu) too large",
+					    p->fn, (unsigned long long)maxlen);
 					goto out;
 				}
 			}
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index ef0bc7f58d6..0aa20157cca 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: validate.c,v 1.61 2023/05/11 14:05:31 claudio Exp $ */
+/*	$OpenBSD: validate.c,v 1.62 2023/05/23 06:42:08 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -516,13 +516,13 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
 int
 valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
 {
-	long version;
+	uint64_t version;
 
 	if (aint == NULL)
 		return 1;
 
-	if ((version = ASN1_INTEGER_get(aint)) < 0) {
-		warnx("%s: ASN1_INTEGER_get failed", fn);
+	if (!ASN1_INTEGER_get_uint64(&version, aint)) {
+		warnx("%s: ASN1_INTEGER_get_uint64 failed", fn);
 		return 0;
 	}
 
@@ -531,7 +531,8 @@ valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
 		warnx("%s: incorrect encoding for version 0", fn);
 		return 0;
 	default:
-		warnx("%s: version %ld not supported (yet)", fn, version);
+		warnx("%s: version %llu not supported (yet)", fn,
+		    (unsigned long long)version);
 		return 0;
 	}
 }