diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-10-29 09:27:37 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-10-29 09:27:37 +0000 |
commit | 81700908c5f0f1c4ef66314824f3e4c5f0c883e4 (patch) | |
tree | 56ad197c65e72adea9af0ddfd19685b68366fb5a /usr.sbin/rpki-client | |
parent | ce0488bbaf25f86c7a07bbdffd20f1f37930047d (diff) |
Ensure that RRDP snapshot and delta files are fetched from the same host
as the notification file.
OK tb@ job@
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 3 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rrdp.c | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rrdp.h | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rrdp_notification.c | 12 | ||||
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 26 |
5 files changed, 41 insertions, 10 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 77a3aa2bce4..c8c4cfac6c9 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.85 2021/10/28 13:51:42 job Exp $ */ +/* $OpenBSD: extern.h,v 1.86 2021/10/29 09:27:36 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -444,6 +444,7 @@ int valid_roa(const char *, struct auth_tree *, struct roa *); int valid_filename(const char *); int valid_filehash(const char *, const char *, size_t); int valid_uri(const char *, size_t, const char *); +int valid_origin(const char *, const char *); /* Working with CMS. */ unsigned char *cms_parse_validate(X509 **, const char *, diff --git a/usr.sbin/rpki-client/rrdp.c b/usr.sbin/rpki-client/rrdp.c index 5883d9c2fca..9b338bad16a 100644 --- a/usr.sbin/rpki-client/rrdp.c +++ b/usr.sbin/rpki-client/rrdp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp.c,v 1.16 2021/10/28 11:57:00 claudio Exp $ */ +/* $OpenBSD: rrdp.c,v 1.17 2021/10/29 09:27:36 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -208,7 +208,8 @@ rrdp_new(size_t id, char *local, char *notify, char *session_id, if ((s->parser = XML_ParserCreate("US-ASCII")) == NULL) err(1, "XML_ParserCreate"); - s->nxml = new_notification_xml(s->parser, &s->repository, &s->current); + s->nxml = new_notification_xml(s->parser, &s->repository, &s->current, + notify); TAILQ_INSERT_TAIL(&states, s, entry); diff --git a/usr.sbin/rpki-client/rrdp.h b/usr.sbin/rpki-client/rrdp.h index 9a230b7155c..a2ef3861274 100644 --- a/usr.sbin/rpki-client/rrdp.h +++ b/usr.sbin/rpki-client/rrdp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp.h,v 1.5 2021/10/28 11:57:00 claudio Exp $ */ +/* $OpenBSD: rrdp.h,v 1.6 2021/10/29 09:27:36 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -54,7 +54,8 @@ int publish_done(struct rrdp *, struct publish_xml *); struct notification_xml; struct notification_xml *new_notification_xml(XML_Parser, - struct rrdp_session *, struct rrdp_session *); + struct rrdp_session *, struct rrdp_session *, + const char *); void free_notification_xml(struct notification_xml *); enum rrdp_task notification_done(struct notification_xml *, char *); diff --git a/usr.sbin/rpki-client/rrdp_notification.c b/usr.sbin/rpki-client/rrdp_notification.c index 09eac7cf2f0..654dbf36ed3 100644 --- a/usr.sbin/rpki-client/rrdp_notification.c +++ b/usr.sbin/rpki-client/rrdp_notification.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp_notification.c,v 1.8 2021/10/24 17:16:09 claudio Exp $ */ +/* $OpenBSD: rrdp_notification.c,v 1.9 2021/10/29 09:27:36 claudio Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> @@ -54,6 +54,7 @@ struct notification_xml { XML_Parser parser; struct rrdp_session *repository; struct rrdp_session *current; + const char *notifyuri; char *session_id; char *snapshot_uri; char snapshot_hash[SHA256_DIGEST_LENGTH]; @@ -172,7 +173,8 @@ start_snapshot_elem(struct notification_xml *nxml, const char **attr) for (i = 0; attr[i]; i += 2) { if (strcmp("uri", attr[i]) == 0 && hasUri++ == 0) { if (valid_uri(attr[i + 1], strlen(attr[i + 1]), - "https://")) { + "https://") && + valid_origin(attr[i + 1], nxml->notifyuri)) { nxml->snapshot_uri = xstrdup(attr[i + 1]); continue; } @@ -217,7 +219,8 @@ start_delta_elem(struct notification_xml *nxml, const char **attr) for (i = 0; attr[i]; i += 2) { if (strcmp("uri", attr[i]) == 0 && hasUri++ == 0) { if (valid_uri(attr[i + 1], strlen(attr[i + 1]), - "https://")) { + "https://") && + valid_origin(attr[i + 1], nxml->notifyuri)) { delta_uri = attr[i + 1]; continue; } @@ -307,7 +310,7 @@ notification_xml_elem_end(void *data, const char *el) struct notification_xml * new_notification_xml(XML_Parser p, struct rrdp_session *repository, - struct rrdp_session *current) + struct rrdp_session *current, const char *notifyuri) { struct notification_xml *nxml; @@ -317,6 +320,7 @@ new_notification_xml(XML_Parser p, struct rrdp_session *repository, nxml->parser = p; nxml->repository = repository; nxml->current = current; + nxml->notifyuri = notifyuri; XML_SetElementHandler(nxml->parser, notification_xml_elem_start, notification_xml_elem_end); diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 0e4e2547eaa..a6df8e6e0d9 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.19 2021/10/27 21:56:58 beck Exp $ */ +/* $OpenBSD: validate.c,v 1.20 2021/10/29 09:27:36 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -341,3 +341,27 @@ valid_uri(const char *uri, size_t usz, const char *proto) return 1; } + +/* + * Validate that a URI has the same host as the URI passed in proto. + * Returns 1 if valid, 0 otherwise. + */ +int +valid_origin(const char *uri, const char *proto) +{ + const char *to; + + /* extract end of host from proto URI */ + to = strstr(proto, "://"); + if (to == NULL) + return 0; + to += strlen("://"); + if ((to = strchr(to, '/')) == NULL) + return 0; + + /* compare hosts including the / for the start of the path section */ + if (strncasecmp(uri, proto, to - proto + 1) != 0) + return 0; + + return 1; +} |