diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2022-02-03 18:19:33 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2022-02-03 18:19:33 +0000 |
| commit | 0cc530304c02e8081adbe3074e73e54157ac93e8 (patch) | |
| tree | c21409f97581e7cd44756962d077daafda44e509 | |
| parent | cefd5f92a388a17ec88afae2016c654003d33465 (diff) | |
Enforce the RRDP XMLNS to "http://www.ripe.net/rpki/rrdp"
Missing check reported by Ties de Kock
OK tb@ benno@
| -rw-r--r-- | usr.sbin/rpki-client/rrdp.h | 3 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/rrdp_delta.c | 5 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/rrdp_notification.c | 5 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/rrdp_snapshot.c | 5 |
4 files changed, 11 insertions, 7 deletions
diff --git a/usr.sbin/rpki-client/rrdp.h b/usr.sbin/rpki-client/rrdp.h index 7c7258a47e2..36c97561822 100644 --- a/usr.sbin/rpki-client/rrdp.h +++ b/usr.sbin/rpki-client/rrdp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp.h,v 1.7 2021/11/24 15:24:16 claudio Exp $ */ +/* $OpenBSD: rrdp.h,v 1.8 2022/02/03 18:19:32 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -18,6 +18,7 @@ #ifndef _RRDPH_ #define _RRDPH_ +#define RRDP_XMLNS "http://www.ripe.net/rpki/rrdp" #define MAX_VERSION 1 #define log_debuginfo(format, ...) logx(format, ##__VA_ARGS__) diff --git a/usr.sbin/rpki-client/rrdp_delta.c b/usr.sbin/rpki-client/rrdp_delta.c index 52683c47214..3a8629ad98f 100644 --- a/usr.sbin/rpki-client/rrdp_delta.c +++ b/usr.sbin/rpki-client/rrdp_delta.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp_delta.c,v 1.6 2021/11/09 11:01:04 claudio Exp $ */ +/* $OpenBSD: rrdp_delta.c,v 1.7 2022/02/03 18:19:32 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -66,7 +66,8 @@ start_delta_elem(struct delta_xml *dxml, const char **attr) "parse failed - entered delta elem unexpectedely"); for (i = 0; attr[i]; i += 2) { const char *errstr; - if (strcmp("xmlns", attr[i]) == 0) { + if (strcmp("xmlns", attr[i]) == 0 && + strcmp(RRDP_XMLNS, attr[i + 1]) == 0) { has_xmlns = 1; continue; } diff --git a/usr.sbin/rpki-client/rrdp_notification.c b/usr.sbin/rpki-client/rrdp_notification.c index 9bc415585ff..c6cdb0bbf82 100644 --- a/usr.sbin/rpki-client/rrdp_notification.c +++ b/usr.sbin/rpki-client/rrdp_notification.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp_notification.c,v 1.12 2021/11/24 15:24:16 claudio Exp $ */ +/* $OpenBSD: rrdp_notification.c,v 1.13 2022/02/03 18:19:32 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -120,7 +120,8 @@ start_notification_elem(struct notification_xml *nxml, const char **attr) "parse failed - entered notification elem unexpectedely"); for (i = 0; attr[i]; i += 2) { const char *errstr; - if (strcmp("xmlns", attr[i]) == 0) { + if (strcmp("xmlns", attr[i]) == 0 && + strcmp(RRDP_XMLNS, attr[i + 1]) == 0) { has_xmlns = 1; continue; } diff --git a/usr.sbin/rpki-client/rrdp_snapshot.c b/usr.sbin/rpki-client/rrdp_snapshot.c index 3e060d3e25e..47423c12548 100644 --- a/usr.sbin/rpki-client/rrdp_snapshot.c +++ b/usr.sbin/rpki-client/rrdp_snapshot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp_snapshot.c,v 1.5 2021/11/09 11:01:04 claudio Exp $ */ +/* $OpenBSD: rrdp_snapshot.c,v 1.6 2022/02/03 18:19:32 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -58,7 +58,8 @@ start_snapshot_elem(struct snapshot_xml *sxml, const char **attr) "parse failed - entered snapshot elem unexpectedely"); for (i = 0; attr[i]; i += 2) { const char *errstr; - if (strcmp("xmlns", attr[i]) == 0) { + if (strcmp("xmlns", attr[i]) == 0 && + strcmp(RRDP_XMLNS, attr[i + 1]) == 0) { has_xmlns = 1; continue; } |