diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-11-26 15:45:48 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-11-26 15:45:48 +0000 |
commit | 8eacf7b1c332fcaa29bef8b33df255735ca4614f (patch) | |
tree | 256f3f230d80ff3d0c5bbcd3aeec5ef6e85db0cb /usr.sbin | |
parent | 3b89abd14bd0dd68f602ba2f2474b8e67d790854 (diff) |
Two small tweaks to the geofeed code
Only allocate b64 when it is needed. This way we can avoid allocating extra
memory for the signed data itself. Also, only check for the end signature
marker when it is actually expected. It's not forbidden - if stupid - to
have a comment '# End Signature:' in the signed data.
ok job
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/geofeed.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/usr.sbin/rpki-client/geofeed.c b/usr.sbin/rpki-client/geofeed.c index b5838919b98..dee17c933d3 100644 --- a/usr.sbin/rpki-client/geofeed.c +++ b/usr.sbin/rpki-client/geofeed.c @@ -1,4 +1,4 @@ -/* $OpenBSD: geofeed.c,v 1.1 2022/11/26 12:02:37 job Exp $ */ +/* $OpenBSD: geofeed.c,v 1.2 2022/11/26 15:45:47 tb Exp $ */ /* * Copyright (c) 2022 Job Snijders <job@fastly.com> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -120,10 +120,6 @@ geofeed_parse(X509 **x509, const char *fn, char *buf, size_t len) if ((p.res = calloc(1, sizeof(struct geofeed))) == NULL) err(1, NULL); - if ((b64 = calloc(1, len)) == NULL) - err(1, NULL); - b64sz = len; - while ((nl = memchr(buf, '\n', len)) != NULL) { line = buf; @@ -148,13 +144,13 @@ geofeed_parse(X509 **x509, const char *fn, char *buf, size_t len) goto out; } - if (strncmp(line, "# End Signature:", - strlen("# End Signature:")) == 0) { - end_signature_seen = 1; - continue; - } - if (rpki_signature_seen) { + if (strncmp(line, "# End Signature:", + strlen("# End Signature:")) == 0) { + end_signature_seen = 1; + continue; + } + if (linelen > 74) { warnx("%s: line in signature section too long", fn); @@ -175,6 +171,11 @@ geofeed_parse(X509 **x509, const char *fn, char *buf, size_t len) if (strncmp(line, "# RPKI Signature:", strlen("# RPKI Signature:")) == 0) { rpki_signature_seen = 1; + + if ((b64 = calloc(1, len)) == NULL) + err(1, NULL); + b64sz = len; + continue; } |