From 782a58ffc8fa1bca428171e1cad8bde855381147 Mon Sep 17 00:00:00 2001
From: job <job@openbsd.org>
Date: Mon, 25 Sep 2023 08:48:14 +0000
Subject: [PATCH] Introduce ip_addr_range_print() to avoid code repetition

OK tb@
---
 usr.sbin/rpki-client/extern.h   |   4 +-
 usr.sbin/rpki-client/ip.c       |  34 ++++++++++-
 usr.sbin/rpki-client/validate.c | 100 ++++++++++++++++++--------------
 3 files changed, 94 insertions(+), 44 deletions(-)

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index dbef64d767f..8420d0f79c1 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.189 2023/09/12 09:33:30 job Exp $ */
+/*	$OpenBSD: extern.h,v 1.190 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -708,6 +708,8 @@ int		 ip_addr_parse(const ASN1_BIT_STRING *,
 			enum afi, const char *, struct ip_addr *);
 void		 ip_addr_print(const struct ip_addr *, enum afi, char *,
 			size_t);
+void		 ip_addr_range_print(const struct ip_addr_range *, enum afi,
+			char *, size_t);
 int		 ip_addr_cmp(const struct ip_addr *, const struct ip_addr *);
 int		 ip_addr_check_overlap(const struct cert_ip *,
 			const char *, const struct cert_ip *, size_t);
diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index 89c3088aefb..f5ff23b03f5 100644
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip.c,v 1.27 2022/11/29 20:41:32 job Exp $ */
+/*	$OpenBSD: ip.c,v 1.28 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -253,6 +253,38 @@ ip_addr_print(const struct ip_addr *addr,
 		err(1, "malformed IP address");
 }
 
+/*
+ * Convert a ip_addr into a NUL-terminated range notation string.
+ * The size of the buffer must be at least 95 (inclusive).
+ */
+void
+ip_addr_range_print(const struct ip_addr_range *range,
+    enum afi afi, char *buf, size_t bufsz)
+{
+	char min[INET6_ADDRSTRLEN], max[INET6_ADDRSTRLEN];
+	int ret, af;
+
+	switch (afi) {
+	case AFI_IPV4:
+		af = AF_INET;
+		break;
+	case AFI_IPV6:
+		af = AF_INET6;
+		break;
+	default:
+		errx(1, "unsupported address family identifier");
+	}
+
+	if (inet_ntop(af, &range->min, min, sizeof(min)) == NULL)
+		err(1, "inet_ntop");
+	if (inet_ntop(af, &range->max, max, sizeof(max)) == NULL)
+		err(1, "inet_ntop");
+
+	ret = snprintf(buf, bufsz, "%s--%s", min, max);
+	if (ret < 0 || (size_t)ret >= bufsz)
+		err(1, "malformed IP address");
+}
+
 /*
  * Given the addresses (range or IP) in cert_ip, fill in the "min" and
  * "max" fields with the minimum and maximum possible IP addresses given
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index d934f2c1e41..1638c2846fe 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */
+/*	$OpenBSD: validate.c,v 1.67 2023/09/25 08:48:14 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -135,48 +135,63 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
 {
 	size_t		 i;
 	uint32_t	 min, max;
-	char		 buf1[64], buf2[64];
+	char		 buf[128];
 
 	for (i = 0; i < cert->asz; i++) {
 		if (cert->as[i].type == CERT_AS_INHERIT)
 			continue;
-		min = cert->as[i].type == CERT_AS_ID ?
-		    cert->as[i].id : cert->as[i].range.min;
-		max = cert->as[i].type == CERT_AS_ID ?
-		    cert->as[i].id : cert->as[i].range.max;
+
+		if (cert->as[i].type == CERT_AS_ID) {
+			min = cert->as[i].id;
+			max = cert->as[i].id;
+		} else {
+			min = cert->as[i].range.min;
+			max = cert->as[i].range.max;
+		}
+
 		if (valid_as(a, min, max))
 			continue;
-		warnx("%s: RFC 6487: uncovered AS: "
-		    "%u--%u", fn, min, max);
+
+		switch (cert->as[i].type) {
+		case CERT_AS_ID:
+			warnx("%s: RFC 6487: uncovered AS: %u", fn, min);
+			break;
+		case CERT_AS_RANGE:
+			warnx("%s: RFC 6487: uncovered AS: %u--%u", fn,
+			    min, max);
+			break;
+		case CERT_AS_INHERIT:
+			warnx("%s: RFC 6487: uncovered AS: (inherit)", fn);
+			break;
+		}
+
 		return 0;
 	}
 
 	for (i = 0; i < cert->ipsz; i++) {
 		if (cert->ips[i].type == CERT_IP_INHERIT)
 			continue;
+
 		if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min,
 		    cert->ips[i].max))
 			continue;
+
 		switch (cert->ips[i].type) {
-		case CERT_IP_RANGE:
-			ip_addr_print(&cert->ips[i].range.min,
-			    cert->ips[i].afi, buf1, sizeof(buf1));
-			ip_addr_print(&cert->ips[i].range.max,
-			    cert->ips[i].afi, buf2, sizeof(buf2));
-			warnx("%s: RFC 6487: uncovered IP: "
-			    "%s--%s", fn, buf1, buf2);
-			break;
 		case CERT_IP_ADDR:
 			ip_addr_print(&cert->ips[i].ip,
-			    cert->ips[i].afi, buf1, sizeof(buf1));
-			warnx("%s: RFC 6487: uncovered IP: "
-			    "%s", fn, buf1);
+			    cert->ips[i].afi, buf, sizeof(buf));
+			warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
+			break;
+		case CERT_IP_RANGE:
+			ip_addr_range_print(&cert->ips[i].range,
+			    cert->ips[i].afi, buf, sizeof(buf));
+			warnx("%s: RFC 6487: uncovered IP: %s", fn, buf);
 			break;
 		case CERT_IP_INHERIT:
-			warnx("%s: RFC 6487: uncovered IP: "
-			    "(inherit)", fn);
+			warnx("%s: RFC 6487: uncovered IP: (inherit)", fn);
 			break;
 		}
+
 		return 0;
 	}
 
@@ -458,25 +473,28 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
 {
 	size_t		i;
 	uint32_t	min, max;
-	char		buf1[64], buf2[64];
+	char		buf[128];
 
 	for (i = 0; i < rsc->asz; i++) {
-		min = rsc->as[i].type == CERT_AS_RANGE ? rsc->as[i].range.min
-		    : rsc->as[i].id;
-		max = rsc->as[i].type == CERT_AS_RANGE ? rsc->as[i].range.max
-		    : rsc->as[i].id;
+		if (rsc->as[i].type == CERT_AS_ID) {
+			min = rsc->as[i].id;
+			max = rsc->as[i].id;
+		} else {
+			min = rsc->as[i].range.min;
+			max = rsc->as[i].range.max;
+		}
 
 		if (as_check_covered(min, max, cert->as, cert->asz) > 0)
 			continue;
 
 		switch (rsc->as[i].type) {
 		case CERT_AS_ID:
-			warnx("%s: RSC resourceBlock: uncovered AS Identifier: "
-			    "%u", fn, rsc->as[i].id);
+			warnx("%s: RSC resourceBlock: uncovered AS: %u", fn,
+			    min);
 			break;
 		case CERT_AS_RANGE:
-			warnx("%s: RSC resourceBlock: uncovered AS Range: "
-			    "%u--%u", fn, min, max);
+			warnx("%s: RSC resourceBlock: uncovered AS: %u--%u",
+			    fn, min, max);
 			break;
 		default:
 			break;
@@ -490,19 +508,17 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
 			continue;
 
 		switch (rsc->ips[i].type) {
-		case CERT_IP_RANGE:
-			ip_addr_print(&rsc->ips[i].range.min,
-			    rsc->ips[i].afi, buf1, sizeof(buf1));
-			ip_addr_print(&rsc->ips[i].range.max,
-			    rsc->ips[i].afi, buf2, sizeof(buf2));
-			warnx("%s: RSC ResourceBlock: uncovered IP Range: "
-			    "%s--%s", fn, buf1, buf2);
-			break;
 		case CERT_IP_ADDR:
-			ip_addr_print(&rsc->ips[i].ip,
-			    rsc->ips[i].afi, buf1, sizeof(buf1));
-			warnx("%s: RSC ResourceBlock: uncovered IP: "
-			    "%s", fn, buf1);
+			ip_addr_print(&rsc->ips[i].ip, rsc->ips[i].afi, buf,
+			    sizeof(buf));
+			warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
+			    buf);
+			break;
+		case CERT_IP_RANGE:
+			ip_addr_range_print(&rsc->ips[i].range, rsc->ips[i].afi,
+			    buf, sizeof(buf));
+			warnx("%s: RSC ResourceBlock: uncovered IP: %s", fn,
+			    buf);
 			break;
 		default:
 			break;
-- 
2.20.1