From 9eb589bc5493e44c069fba6ce9702fecf50eda64 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 13 May 2022 06:18:21 +0000
Subject: [PATCH] Fix unused bits handling for ip addresses

If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.

ok claudio
---
 usr.sbin/rpki-client/ip.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index a14aad32813..4bb94e2486e 100644
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip.c,v 1.22 2022/05/11 18:48:35 tb Exp $ */
+/* $OpenBSD: ip.c,v 1.23 2022/05/13 06:18:21 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -189,17 +189,9 @@ ip_addr_parse(const ASN1_BIT_STRING *p,
 
 /* Weird OpenSSL-ism to get unused bit count. */
 if ((p->flags & ASN1_STRING_FLAG_BITS_LEFT))
- unused = p->flags & ~ASN1_STRING_FLAG_BITS_LEFT;
+ unused = p->flags & 0x07;
 
- if (unused < 0) {
- warnx("%s: RFC 3779 section 2.2.3.8: "
- "unused bit count must be non-negative", fn);
- return 0;
- } else if (unused >= 8) {
- warnx("%s: RFC 3779 section 2.2.3.8: "
- "unused bit count must mask an unsigned char", fn);
- return 0;
- } else if (p->length == 0 && unused != 0) {
+ if (p->length == 0 && unused != 0) {
 warnx("%s: RFC 3779 section 2.2.3.8: "
 "unused bit count must be zero if length is zero", fn);
 return 0;
-- 
2.20.1
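Review bot: The bare `0x07` in the ip_addr_parse hunk is now the only thing that keeps `unused` within 0..7 for a BIT STRING parsed out of certificate data, yet neither the mask nor the retained "Weird OpenSSL-ism" comment says so. With the `unused < 0` and `unused >= 8` checks gone, a later reader cannot tell that the range is guaranteed by construction rather than simply unchecked. I would replace the comment with `/* With ASN1_STRING_FLAG_BITS_LEFT set, the low three bits of flags hold the unused bit count, so unused is always 0..7. */`. The function body begins and continues outside the hunk, so whether later code depends on that bound (for instance when deriving a prefix length from `p->length` and `unused`) cannot be confirmed from here.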