author | Theo Buehler <tb@cvs.openbsd.org> | 2024-06-06 07:19:11 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-06-06 07:19:11 +0000 |
commit | 14cb98cdf37829758f1aca7e785aaa9706878972 (patch) | |
tree | ab8acd7c5f36fce593413bfb1efd0a870018848a /usr.sbin/rpki-client | |
parent | a005e5c3e157b5105217461f4e14d13a365fb91f (diff) |
rpki-client: fix a crash in filemode
For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expires and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.
with/ok claudio
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/filemode.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index 7ebeaeafeab..630b633b2f0 100644
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filemode.c,v 1.42 2024/05/20 15:51:43 claudio Exp $ */
+/* $OpenBSD: filemode.c,v 1.43 2024/06/06 07:19:10 tb Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -526,9 +526,15 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 constraints_validate(file, cert);
 }
 } else if (is_ta) {
+ expires = NULL;
+ notafter = NULL;
 if ((tal = find_tal(cert)) != NULL) {
 cert = ta_parse(file, cert, tal->pkey, tal->pkeysz);
 status = (cert != NULL);
+ if (status) {
+ expires = &cert->expires;
+ notafter = &cert->notafter;
+ }
 if (outformats & FORMAT_JSON)
 json_do_string("tal", tal->descr);
 else
@@ -538,7 +544,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 } else {
 cert_free(cert);
 cert = NULL;
- expires = NULL;
 status = 0;
 }
 }
|
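Review bot: The two resets at the top of the `is_ta` branch carry no comment saying why they must come before `ta_parse()`, and that ordering is the whole fix. `expires` and `notafter` alias fields inside `cert`, and per the commit message `cert` is freed for an expired or otherwise invalid TA, so a value assigned earlier would dangle. I would add `/* expires and notafter point into cert, which may be freed below; set them only once the TA cert is known valid */` above `expires = NULL;`. It looks as if `ta_parse()` takes ownership of `cert` and frees it on failure; if confirmed, that is worth stating in the same comment. The code that later dereferences these pointers and calls `cert_print()` lies outside the hunk, as do the start and end of proc_parser_file, so whether that path guards on `status` or `cert != NULL` cannot be checked from here.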