authorTheo Buehler <tb@cvs.openbsd.org>2024-06-06 07:19:11 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-06-06 07:19:11 +0000
commit14cb98cdf37829758f1aca7e785aaa9706878972 (patch)
treeab8acd7c5f36fce593413bfb1efd0a870018848a /usr.sbin/rpki-client
parenta005e5c3e157b5105217461f4e14d13a365fb91f (diff)
rpki-client: fix a crash in filemode
For an expired TA, cert is freed and zeroed in file mode and cert_print() crashes. For such TAs (and otherwise invalid ones) expires and notafter become dangling pointers. Invalidate them and set them only for valid TA certs. with/ok claudio
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r--usr.sbin/rpki-client/filemode.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index 7ebeaeafeab..630b633b2f0 100644
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filemode.c,v 1.42 2024/05/20 15:51:43 claudio Exp $ */
+/* $OpenBSD: filemode.c,v 1.43 2024/06/06 07:19:10 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -526,9 +526,15 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
constraints_validate(file, cert);
}
} else if (is_ta) {
+ expires = NULL;
+ notafter = NULL;
if ((tal = find_tal(cert)) != NULL) {
cert = ta_parse(file, cert, tal->pkey, tal->pkeysz);
status = (cert != NULL);
+ if (status) {
+ expires = &cert->expires;
+ notafter = &cert->notafter;
+ }
if (outformats & FORMAT_JSON)
json_do_string("tal", tal->descr);
else
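Review bot: The `expires = NULL; notafter = NULL;` reset at the top of the `is_ta` branch deserves a comment, because it is now the only thing that stops both pointers from outliving `cert` on every failure path. ta_parse() can return NULL (per the commit message the cert has been freed by then), and the `find_tal() == NULL` branch in the next hunk no longer clears `expires` itself. I would put `/* expires and notafter point into cert, which ta_parse() or cert_free() may release below */` above the two assignments, so that a later edit adding another path that frees cert knows to keep the reset ahead of it. The code that reads these pointers is outside the hunk, so this assumes it tests them for NULL before dereferencing; proc_parser_file's body starts and ends outside the hunk.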
@@ -538,7 +544,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
} else {
cert_free(cert);
cert = NULL;
- expires = NULL;
status = 0;
}
}