diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2023-12-14 07:52:54 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-12-14 07:52:54 +0000 |
commit | ec409160ef75f808a7d874a000a3920a56b25f61 (patch) | |
tree | 5ef51f5dc1aa21ae148811a633b6d7e53bca4bbb /usr.bin/telnet | |
parent | 555429f2eac30ee61b1967e4422de1042d63516f (diff) |
rpki-client: make IP address block checks stricter
There are only two valid AFIs in this context, so check that we have one
or two of them. We only accept the IPv4 and IPv6 AFIs in ip_add_afi_parse()
and reject any SAFI, so enforce that neither AFI is repeated. This doesn't
change things for certificates, where all this is implied by other checks
combined. Making this explicit and match the logic needed for ROAs is a win.
looks good to job
ok claudio
Diffstat (limited to 'usr.bin/telnet')
0 files changed, 0 insertions, 0 deletions