authorTheo Buehler <tb@cvs.openbsd.org>2022-01-21 14:08:34 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-01-21 14:08:34 +0000
commit61e2d2ca9a4d6892be5d7d9c914e852fe0c641e3 (patch)
tree372ebf70d5d450b64050b6a674e70f57656b0911 /usr.sbin/rpki-client
parent59423e7eb105a7bcc317d5817b6ccef5305380dc (diff)
Avoid out-of-bounds accesses in case the filename is too short to
contain an extension of length four. ok claudio
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r--usr.sbin/rpki-client/main.c4
-rw-r--r--usr.sbin/rpki-client/parser.c4
2 files changed, 6 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index d372cb47ccb..8c8cf377ecb 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.179 2022/01/19 17:15:08 job Exp $ */
+/* $OpenBSD: main.c,v 1.180 2022/01/21 14:08:33 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -842,6 +842,8 @@ main(int argc, char *argv[])
size_t sz;
sz = strlen(file);
+ if (sz < 5)
+ errx(1, "unsupported or invalid file: %s", file);
if (strcasecmp(file + sz - 4, ".tal") != 0 &&
strcasecmp(file + sz - 4, ".cer") != 0 &&
strcasecmp(file + sz - 4, ".crl") != 0 &&
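Review bot: The added guard `if (sz < 5)` does not say why the bound is 5 when every comparison below it uses `sz - 4`, so a reader cannot tell that rejecting a four-character name such as a bare `.cer` is deliberate. With `sz` declared as `size_t`, only lengths below 4 make `file + sz - 4` point before the start of the string; the extra unit looks like a policy choice (at least one character before the extension). I would add a comment above the check, e.g. `/* need a non-empty name plus a 4-byte extension; sz - 4 wraps for shorter strings */`. The same applies to the identical guard in the parser.c hunk in proc_parser_file. The strcasecmp chain continues past the end of this hunk.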
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 2e33838368e..70b198f2a40 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.47 2022/01/20 16:36:19 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.48 2022/01/21 14:08:33 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -916,6 +916,8 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
unsigned long verify_flags = X509_V_FLAG_CRL_CHECK;
sz = strlen(file);
+ if (sz < 5)
+ errx(1, "%s: unsupported file type", file);
if (strcasecmp(file + sz - 4, ".tal") == 0)
type = RTYPE_TAL;
else if (strcasecmp(file + sz - 4, ".cer") == 0)
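Review bot: The diagnostic added here, `errx(1, "%s: unsupported file type", file);`, is worded differently from the one main.c adds for the same condition (`"unsupported or invalid file: %s"`), so the same too-short name produces two different messages depending on which code path rejects it. Using one format in both places would make the failure easier to match in logs. The length guard and the `file + sz - 4` suffix comparisons are also now duplicated across the two files. Moving them into one shared helper that maps a filename to its type would keep the bound and the offset together, so a later edit to one copy cannot reintroduce the out-of-bounds read in the other. The if/else chain continues outside this hunk.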