On Tue, Apr 06, 2021 at 06:08:04PM +0200, Claudio Jeker wrote:
> When an rrdp request fails because the hash of a delta or snapshot is
> incorrect the repo never finishes because the setting of
> RRDP_STATE_PARSE_DONE and the call to rrdp_finished() is skipped.
> The result is a hanging rpki-client until the alarm kills it after 1h.
>
> This simple diff should fix the issue. Added extra contex to make it more
> obvious why this return is bad.
ok tb
> --
> :wq Claudio
>
> Index: rrdp.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rrdp.c,v
> retrieving revision 1.1
> diff -u -p -U14 -r1.1 rrdp.c
> --- rrdp.c 1 Apr 2021 16:04:48 -0000 1.1
> +++ rrdp.c 6 Apr 2021 16:00:14 -0000
> @@ -474,29 +474,28 @@ rrdp_data_handler(struct rrdp *s)
> if ((s->state & RRDP_STATE_PARSE) == 0)
> errx(1, "%s: bad parser state", s->local);
> if (len == 0) {
> /* parser stage finished */
> close(s->infd);
> s->infd = -1;
>
> if (s->task != NOTIFICATION) {
> char h[SHA256_DIGEST_LENGTH];
>
> SHA256_Final(h, &s->ctx);
> if (memcmp(s->hash, h, sizeof(s->hash)) != 0) {
> s->state |= RRDP_STATE_PARSE_ERROR;
> warnx("%s: bad message digest", s->local);
> - return;
> }
> }
>
> s->state |= RRDP_STATE_PARSE_DONE;
> rrdp_finished(s);
> return;
> }
>
> /* parse and maybe hash the bytes just read */
> if (s->task != NOTIFICATION)
> SHA256_Update(&s->ctx, buf, len);
> if ((s->state & RRDP_STATE_PARSE_ERROR) == 0 &&
> XML_Parse(p, buf, len, 0) != XML_STATUS_OK) {
> s->state |= RRDP_STATE_PARSE_ERROR;
>