From 0c60a44551d28fc04d65b42d06ccb8cbdeb0ea6c Mon Sep 17 00:00:00 2001
From: job
Date: Mon, 11 Dec 2023 15:50:23 +0000
Subject: [PATCH] Log a warning when a manifest replay is detected

OK tb@ claudio@
---
 usr.sbin/rpki-client/mft.c | 14 +++++++++-----
 usr.sbin/rpki-client/parser.c | 11 ++++++++---
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 0e4af6e1fdc..8fd3755f1c9 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.99 2023/10/13 12:06:49 job Exp $ */
+/* $OpenBSD: mft.c,v 1.100 2023/12/11 15:50:23 job Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -545,8 +545,9 @@ mft_read(struct ibuf *b)
 }
 
 /*
- * Compare two MFT files, returns 1 if first MFT is preferred and 0 if second
- * MFT should be used.
+ * Compare the manifestNumber of two MFT files.
+ * Returns 1 if first MFT should be used, 0 if both are equal, and -1 if the
+ * second MFT should be used.
 */
 int
 mft_compare(const struct mft *a, const struct mft *b)
@@ -556,16 +557,19 @@ mft_compare(const struct mft *a, const struct mft *b)
 if (b == NULL)
 return 1;
 if (a == NULL)
- return 0;
+ return -1;
 
 r = strlen(a->seqnum) - strlen(b->seqnum);
 if (r > 0) /* seqnum in a is longer -> higher */
 return 1;
 if (r < 0) /* seqnum in a is shorter -> smaller */
- return 0;
+ return -1;
 
 r = strcmp(a->seqnum, b->seqnum);
 if (r > 0) /* a is greater, prefer a */
 return 1;
+ if (r < 0) /* b is greater, prefer b */
+ return -1;
+
 return 0;
 }
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 61a66db01c4..04259848e13 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.101 2023/12/09 00:44:18 job Exp $ */
+/* $OpenBSD: parser.c,v 1.102 2023/12/11 15:50:23 job Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
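Review bot: In mft.c, mft_compare() now returns -1 both when `a` is NULL and when `a` carries the lower manifestNumber, and the rewritten header comment does not mention the NULL cases, so a -1 on its own does not mean a replay was seen. The caller in parser.c compensates with `mft1 != NULL && mft2 != NULL`, but that coupling is easy to lose; I would extend the comment with something like `A NULL manifest sorts below any non-NULL one; callers must check both pointers before treating -1 as a replay.` Because -1 is truthy where the old "use the second MFT" result was 0, any caller outside this patch that tests the result as a boolean would now pick the wrong manifest; only the parser.c call site is visible here. The opening lines of mft_compare() lie outside the hunk.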
@@ -361,7 +361,7 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
 struct crl *crl, *crl1, *crl2;
 char *file, *file1, *file2, *crl1file, *crl2file;
 const char *err1, *err2;
- int warned = 0;
+ int r, warned = 0;
 
 *mp = NULL;
 *crlmtime = 0;
@@ -376,7 +376,12 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
 if (err2 != NULL)
 err1 = err2;
 
- if (mft_compare(mft1, mft2) == 1) {
+ r = mft_compare(mft1, mft2);
+ if (r == -1 && mft1 != NULL && mft2 != NULL)
+ warnx("%s: manifest replay detected (expected >= #%s, got #%s)",
+ file1, mft2->seqnum, mft1->seqnum);
+
+ if (r == 1) {
 *mp = proc_parser_mft_post(file1, mft1, entp->path, err1,
 &warned);
 if (*mp == NULL) {
--
2.20.1
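Review bot: The new warning in proc_parser_mft() fires only for `r == -1`, so two different manifests that carry the same manifestNumber (`r == 0`) produce no log line, although a reused number breaks monotonicity just as a lower one does. Whether the branch taken for `r == 0` compares the two objects is not visible, because the function continues past the end of the hunk; if it does not, a second `warnx()` for `r == 0` with both pointers non-NULL and differing file contents would give operators the missing signal. As a style point, testing `r < 0` and `r > 0` instead of `r == -1` and `r == 1` would keep this call site correct if mft_compare() ever returned a raw strcmp() result.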