rpki-client extra paranoia

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

rpki-client extra paranoia

Claudio Jeker
Better to make sure that all URI we ingest are sensitive. Similar check
is already done in cert.c so also do it for the TAL files (even though
these are normally controled by the user).

OK?
--
:wq Claudio

Index: tal.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
retrieving revision 1.26
diff -u -p -r1.26 tal.c
--- tal.c 8 Jan 2021 08:09:07 -0000 1.26
+++ tal.c 19 Feb 2021 09:21:18 -0000
@@ -82,6 +82,7 @@ tal_parse_buffer(const char *fn, char *b
  char *nl, *line, *f, *file = NULL;
  unsigned char *der;
  size_t sz, dersz;
+ ssize_t i;
  int rc = 0;
  struct tal *tal = NULL;
  EVP_PKEY *pkey = NULL;
@@ -101,6 +102,13 @@ tal_parse_buffer(const char *fn, char *b
  if (*line == '\0')
  break;
 
+ /* make sure only US-ASCII chars are in the URL */
+ for (i = 0; i < nl - line; i++) {
+ if (isalnum(line[i]) || ispunct(line[i]))
+ continue;
+ warnx("%s: invalid URI", fn);
+ goto out;
+ }
  /* Check that the URI is sensible */
  if (!(strncasecmp(line, "https://", 8) == 0 ||
     strncasecmp(line, "rsync://", 8) == 0)) {

Reply | Threaded
Open this post in threaded view
|

Re: rpki-client extra paranoia

Theo Buehler-3
On Fri, Feb 19, 2021 at 10:54:29AM +0100, Claudio Jeker wrote:
> Better to make sure that all URI we ingest are sensitive. Similar check
> is already done in cert.c so also do it for the TAL files (even though
> these are normally controled by the user).
>
> OK?

ok

> --
> :wq Claudio
>
> Index: tal.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 tal.c
> --- tal.c 8 Jan 2021 08:09:07 -0000 1.26
> +++ tal.c 19 Feb 2021 09:21:18 -0000
> @@ -82,6 +82,7 @@ tal_parse_buffer(const char *fn, char *b
>   char *nl, *line, *f, *file = NULL;
>   unsigned char *der;
>   size_t sz, dersz;
> + ssize_t i;
>   int rc = 0;
>   struct tal *tal = NULL;
>   EVP_PKEY *pkey = NULL;
> @@ -101,6 +102,13 @@ tal_parse_buffer(const char *fn, char *b
>   if (*line == '\0')
>   break;
>  
> + /* make sure only US-ASCII chars are in the URL */
> + for (i = 0; i < nl - line; i++) {
> + if (isalnum(line[i]) || ispunct(line[i]))
> + continue;
> + warnx("%s: invalid URI", fn);
> + goto out;
> + }
>   /* Check that the URI is sensible */
>   if (!(strncasecmp(line, "https://", 8) == 0 ||
>      strncasecmp(line, "rsync://", 8) == 0)) {
>