From 8e901cb844bb4024f4426448d63ac5a14ef1cbc4 Mon Sep 17 00:00:00 2001
From: claudio
Date: Thu, 3 Feb 2022 18:19:32 +0000
Subject: [PATCH] Enforce the RRDP XMLNS to "http://www.ripe.net/rpki/rrdp" Missing check reported by Ties de Kock OK tb@ benno@
---
 usr.sbin/rpki-client/rrdp.h | 3 ++-
 usr.sbin/rpki-client/rrdp_delta.c | 5 +++--
 usr.sbin/rpki-client/rrdp_notification.c | 5 +++--
 usr.sbin/rpki-client/rrdp_snapshot.c | 5 +++--
 4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/usr.sbin/rpki-client/rrdp.h b/usr.sbin/rpki-client/rrdp.h
index 7c7258a47e2..36c97561822 100644
--- a/usr.sbin/rpki-client/rrdp.h
+++ b/usr.sbin/rpki-client/rrdp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp.h,v 1.7 2021/11/24 15:24:16 claudio Exp $ */
+/* $OpenBSD: rrdp.h,v 1.8 2022/02/03 18:19:32 claudio Exp $ */
 /*
 * Copyright (c) 2020 Nils Fisher
 * Copyright (c) 2021 Claudio Jeker
@@ -18,6 +18,7 @@
 #ifndef _RRDPH_
 #define _RRDPH_
+#define RRDP_XMLNS "http://www.ripe.net/rpki/rrdp"
 #define MAX_VERSION 1
 #define log_debuginfo(format, ...) logx(format, ##__VA_ARGS__)
diff --git a/usr.sbin/rpki-client/rrdp_delta.c b/usr.sbin/rpki-client/rrdp_delta.c
index 52683c47214..3a8629ad98f 100644
--- a/usr.sbin/rpki-client/rrdp_delta.c
+++ b/usr.sbin/rpki-client/rrdp_delta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_delta.c,v 1.6 2021/11/09 11:01:04 claudio Exp $ */
+/* $OpenBSD: rrdp_delta.c,v 1.7 2022/02/03 18:19:32 claudio Exp $ */
 /*
 * Copyright (c) 2020 Nils Fisher
 * Copyright (c) 2021 Claudio Jeker
@@ -66,7 +66,8 @@ start_delta_elem(struct delta_xml *dxml, const char **attr)
 "parse failed - entered delta elem unexpectedely");
 for (i = 0; attr[i]; i += 2) {
 const char *errstr;
-if (strcmp("xmlns", attr[i]) == 0) {
+if (strcmp("xmlns", attr[i]) == 0 &&
+ strcmp(RRDP_XMLNS, attr[i + 1]) == 0) {
 has_xmlns = 1;
 continue;
 }
diff --git a/usr.sbin/rpki-client/rrdp_notification.c b/usr.sbin/rpki-client/rrdp_notification.c
index 9bc415585ff..c6cdb0bbf82 100644
--- a/usr.sbin/rpki-client/rrdp_notification.c
+++ b/usr.sbin/rpki-client/rrdp_notification.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_notification.c,v 1.12 2021/11/24 15:24:16 claudio Exp $ */
+/* $OpenBSD: rrdp_notification.c,v 1.13 2022/02/03 18:19:32 claudio Exp $ */
 /*
 * Copyright (c) 2020 Nils Fisher
 * Copyright (c) 2021 Claudio Jeker
@@ -120,7 +120,8 @@ start_notification_elem(struct notification_xml *nxml, const char **attr)
 "parse failed - entered notification elem unexpectedely");
 for (i = 0; attr[i]; i += 2) {
 const char *errstr;
-if (strcmp("xmlns", attr[i]) == 0) {
+if (strcmp("xmlns", attr[i]) == 0 &&
+ strcmp(RRDP_XMLNS, attr[i + 1]) == 0) {
 has_xmlns = 1;
 continue;
 }
diff --git a/usr.sbin/rpki-client/rrdp_snapshot.c b/usr.sbin/rpki-client/rrdp_snapshot.c
index 3e060d3e25e..47423c12548 100644
--- a/usr.sbin/rpki-client/rrdp_snapshot.c
+++ b/usr.sbin/rpki-client/rrdp_snapshot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rrdp_snapshot.c,v 1.5 2021/11/09 11:01:04 claudio Exp $ */
+/* $OpenBSD: rrdp_snapshot.c,v 1.6 2022/02/03 18:19:32 claudio Exp $ */
 /*
 * Copyright (c) 2020 Nils Fisher
 * Copyright (c) 2021 Claudio Jeker
@@ -58,7 +58,8 @@ start_snapshot_elem(struct snapshot_xml *sxml, const char **attr)
 "parse failed - entered snapshot elem unexpectedely");
 for (i = 0; attr[i]; i += 2) {
 const char *errstr;
-if (strcmp("xmlns", attr[i]) == 0) {
+if (strcmp("xmlns", attr[i]) == 0 &&
+ strcmp(RRDP_XMLNS, attr[i + 1]) == 0) {
 has_xmlns = 1;
 continue;
 }
--
2.20.1
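Review bot: A wrong namespace value is not rejected at the new test in start_notification_elem; the condition simply evaluates false and the `xmlns` attribute falls through to whatever comparisons follow in the loop, so the document is refused only if later code, outside this hunk, fails on an unmatched attribute or on `has_xmlns` staying 0. Making the rejection explicit keeps the enforcement local and lets the log name the offending value: keep `if (strcmp("xmlns", attr[i]) == 0) {` and inside it test `if (strcmp(RRDP_XMLNS, attr[i + 1]) != 0)` to fail the parse with a message that prints `attr[i + 1]`. The identical pattern is in the start_delta_elem hunk in rrdp_delta.c and the start_snapshot_elem hunk in rrdp_snapshot.c. The loop body and the function continue past the end of each hunk.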
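Review bot: The two-line namespace comparison added to start_snapshot_elem is a verbatim copy of the one in start_delta_elem and start_notification_elem, so the accepted-namespace rule now lives in three places that can drift apart. A shared helper declared beside `RRDP_XMLNS` in rrdp.h would centralise it, and the new define would benefit from a comment such as `/* XML namespace every RRDP root element must declare (RFC 8182) */`.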