author | Theo Buehler <tb@cvs.openbsd.org> | 2022-11-02 11:28:37 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-11-02 11:28:37 +0000 |
commit | f1e10000e7c19033a6027a37694b1b2cc66f8181 (patch) | |
tree | d006aa821fa27c5876d8625170c5124ea00be8d6 | |
parent | 0a80e5c42d67f2454226e96224eeecf58cc5e9ed (diff) |
Length check URI before strncasecmp()
A priori URI is not NUL terminated, so we should first check it is long
enough before comparing it against proto. As a side effect, this now
rejects "https://" and "rsync://", which are invalid due to the missing
host in the authority section.
ok claudio
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index f1a63f6c91b..71d08236084 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.45 2022/09/03 14:41:47 job Exp $ */ +/* $OpenBSD: validate.c,v 1.46 2022/11/02 11:28:36 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -290,6 +290,8 @@ valid_uri(const char *uri, size_t usz, const char *proto) if (proto != NULL) { s = strlen(proto); + if (s >= usz) + return 0; if (strncasecmp(uri, proto, s) != 0) return 0; } |
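Review bot: the new `if (s >= usz)` test in valid_uri() uses `>=` rather than `>`, so a URI that is exactly as long as proto is rejected too. The commit message says this is intended (a bare "https://" or "rsync://" has no host), but nothing in the code says so. A one-line comment above the check, stating that a URI consisting only of the scheme prefix is invalid, would keep a later reader from relaxing it to `s > usz`. The ordering is right as it stands: with the length test ahead of strncasecmp(), the comparison covers at most s bytes of a buffer already known to hold more than s, which matters because uri is not NUL terminated.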