From 3e23e2bc6990877758611f31198707bd07e4c66e Mon Sep 17 00:00:00 2001
From: claudio
Date: Fri, 19 Feb 2021 10:23:50 +0000
Subject: [PATCH] Add the same ASCII check to the URI in TAL files as we do for URI in .cer files OK tb@
---
 usr.sbin/rpki-client/tal.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/usr.sbin/rpki-client/tal.c b/usr.sbin/rpki-client/tal.c
index a724e5de2e6..463a77f2e83 100644
--- a/usr.sbin/rpki-client/tal.c
+++ b/usr.sbin/rpki-client/tal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tal.c,v 1.26 2021/01/08 08:09:07 claudio Exp $ */
+/* $OpenBSD: tal.c,v 1.27 2021/02/19 10:23:50 claudio Exp $ */
 /* * Copyright (c) 2019 Kristaps Dzonsons *
@@ -82,6 +82,7 @@ tal_parse_buffer(const char *fn, char *buf)
 char *nl, *line, *f, *file = NULL;
 unsigned char *der;
 size_t sz, dersz;
+ ssize_t i;
 int rc = 0;
 struct tal *tal = NULL;
 EVP_PKEY *pkey = NULL;
@@ -101,6 +102,13 @@ tal_parse_buffer(const char *fn, char *buf)
 if (*line == '\0')
 break;
+ /* make sure only US-ASCII chars are in the URL */
+ for (i = 0; i < nl - line; i++) {
+ if (isalnum(line[i]) || ispunct(line[i]))
+ continue;
+ warnx("%s: invalid URI", fn);
+ goto out;
+ }
 /* Check that the URI is sensible */
 if (!(strncasecmp(line, "https://", 8) == 0 || strncasecmp(line, "rsync://", 8) == 0)) {
--
2.20.1
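Review bot: In the added loop of the third hunk, `isalnum(line[i])` and `ispunct(line[i])` are given a plain `char`, so a byte with the high bit set, which is exactly the input this check is meant to reject, becomes a negative int wherever `char` is signed, and the C standard leaves the ctype functions undefined for such values. Cast at both call sites: `if (isalnum((unsigned char)line[i]) || ispunct((unsigned char)line[i]))`. Both classifiers are also locale-dependent, so the "only US-ASCII" guarantee in the comment holds only while the process stays in the "C" locale, which cannot be confirmed from this hunk; a short note in the comment saying so would help. tal_parse_buffer's body starts and ends outside the hunk.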