-rw-r--r-- | usr.sbin/rpki-client/encoding.c | 2 | ||||
-rw-r--r-- | usr.sbin/rpki-client/http.c | 8 | ||||
-rw-r--r-- | usr.sbin/rpki-client/ip.c | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/main.c | 6 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-bgpd.c | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-bird.c | 13 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-csv.c | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/repo.c | 12 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rrdp.c | 2 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rsync.c | 27 | ||||
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 8 |
11 files changed, 52 insertions, 41 deletions
diff --git a/usr.sbin/rpki-client/encoding.c b/usr.sbin/rpki-client/encoding.c index 4afe7946183..ab8416d61cd 100644 --- a/usr.sbin/rpki-client/encoding.c +++ b/usr.sbin/rpki-client/encoding.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encoding.c,v 1.1 2021/04/01 06:43:23 claudio Exp $ */ +/* $OpenBSD: encoding.c,v 1.2 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org> * diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c index 17aabc447e4..d500012da54 100644 --- a/usr.sbin/rpki-client/http.c +++ b/usr.sbin/rpki-client/http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http.c,v 1.30 2021/04/15 16:07:21 claudio Exp $ */ +/* $OpenBSD: http.c,v 1.31 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org> @@ -1156,8 +1156,6 @@ proc_http(char *bind_addr, int fd) { struct http_connection *http_conns[MAX_CONNECTIONS]; struct pollfd pfds[MAX_CONNECTIONS + 1]; - size_t i; - int active_connections; if (bind_addr != NULL) { struct addrinfo hints, *res; @@ -1184,7 +1182,9 @@ proc_http(char *bind_addr, int fd) msgq.fd = fd; for (;;) { - active_connections = 0; + int active_connections = 0; + size_t i; + for (i = 0; i < MAX_CONNECTIONS; i++) { struct http_connection *conn = http_conns[i]; diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c index 447f56c3b7c..9a7cc756014 100644 --- a/usr.sbin/rpki-client/ip.c +++ b/usr.sbin/rpki-client/ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip.c,v 1.16 2021/03/29 06:15:29 deraadt Exp $ */ +/* $OpenBSD: ip.c,v 1.17 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -110,7 +110,6 @@ ip_addr_check_overlap(const struct cert_ip *ip, const char *fn, size_t i, sz = ip->afi == AFI_IPV4 ? 4 : 16; int inherit_v4 = 0, inherit_v6 = 0; int has_v4 = 0, has_v6 = 0, socktype; - char buf[64]; /* * FIXME: cache this by having a flag on the cert_ip, else we're 
@@ -147,6 +146,8 @@ ip_addr_check_overlap(const struct cert_ip *ip, const char *fn, /* Check our ranges. */ for (i = 0; i < ipsz; i++) { + char buf[64]; + if (ips[i].afi != ip->afi) continue; if (memcmp(ips[i].max, ip->min, sz) <= 0 || diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 618cdfe7b3e..5c862a90e4e 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.138 2021/04/15 14:22:05 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.139 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -145,13 +145,14 @@ entityq_flush(struct entityq *q, struct repo *rp) struct entity *p, *np; TAILQ_FOREACH_SAFE(p, q, entries, np) { + char *file = p->file; + /* * XXX fixup path here since the repo may change * during load because of fallback. In that case * the file path changes as well since RRDP and RSYNC * can not share a common repo. */ - char *file = p->file; p->file = repo_filename(rp, file); if (p->file == NULL) err(1, "can't construct repo filename"); @@ -405,6 +406,7 @@ queue_add_tal(const char *file) err(1, NULL); } else { char *tmp; + if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1) err(1, NULL); free(stats.talnames); diff --git a/usr.sbin/rpki-client/output-bgpd.c b/usr.sbin/rpki-client/output-bgpd.c index 8b72a093154..4281ecfec6c 100644 --- a/usr.sbin/rpki-client/output-bgpd.c +++ b/usr.sbin/rpki-client/output-bgpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-bgpd.c,v 1.20 2021/03/29 03:39:14 deraadt Exp $ */ +/* $OpenBSD: output-bgpd.c,v 1.21 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -22,7 +22,6 @@ int output_bgpd(FILE *out, struct vrp_tree *vrps, struct stats *st) { - char ipbuf[64], maxlenbuf[100]; struct vrp *v; if (outputheader(out, st) < 0) 
@@ -32,6 +31,8 @@ output_bgpd(FILE *out, struct vrp_tree *vrps, struct stats *st) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char ipbuf[64], maxlenbuf[100]; + ip_addr_print(&v->addr, v->afi, ipbuf, sizeof(ipbuf)); if (v->maxlength > v->addr.prefixlen) { int ret = snprintf(maxlenbuf, sizeof(maxlenbuf), diff --git a/usr.sbin/rpki-client/output-bird.c b/usr.sbin/rpki-client/output-bird.c index 0d0ce3d5e29..217f73e5bd2 100644 --- a/usr.sbin/rpki-client/output-bird.c +++ b/usr.sbin/rpki-client/output-bird.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-bird.c,v 1.10 2020/09/12 15:46:48 claudio Exp $ */ +/* $OpenBSD: output-bird.c,v 1.11 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2020 Robert Scheck <robert@fedoraproject.org> @@ -24,7 +24,6 @@ int output_bird1v4(FILE *out, struct vrp_tree *vrps, struct stats *st) { extern const char *bird_tablename; - char buf[64]; struct vrp *v; if (outputheader(out, st) < 0) @@ -34,6 +33,8 @@ output_bird1v4(FILE *out, struct vrp_tree *vrps, struct stats *st) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char buf[64]; + if (v->afi == AFI_IPV4) { ip_addr_print(&v->addr, v->afi, buf, sizeof(buf)); if (fprintf(out, "\troa %s max %u as %u;\n", buf, @@ -51,7 +52,6 @@ int output_bird1v6(FILE *out, struct vrp_tree *vrps, struct stats *st) { extern const char *bird_tablename; - char buf[64]; struct vrp *v; if (outputheader(out, st) < 0) @@ -61,6 +61,8 @@ output_bird1v6(FILE *out, struct vrp_tree *vrps, struct stats *st) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char buf[64]; + if (v->afi == AFI_IPV6) { ip_addr_print(&v->addr, v->afi, buf, sizeof(buf)); if (fprintf(out, "\troa %s max %u as %u;\n", buf, @@ -78,7 +80,6 @@ int output_bird2(FILE *out, struct vrp_tree *vrps, struct stats *st) { extern const char *bird_tablename; - char buf[64]; struct vrp *v; time_t now = time(NULL); 
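Review bot: The sizes in `char ipbuf[64], maxlenbuf[100];` are bare literals, and nothing in the new loop body says why 64 bytes is enough for a printed prefix. The same `char buf[64];` is now repeated in each loop of the output-bird.c hunks, in output-csv.c and in ip.c. The writes stay bounded after the move, because the declarations are still arrays and `sizeof(ipbuf)` / `sizeof(maxlenbuf)` are passed to ip_addr_print() and snprintf(), assuming ip_addr_print() honours the size it is given (its body is not on this page). I would add a one-line comment at the declaration, for example `/* large enough for an IPv6 prefix with its length */`, or move the bound into a single named constant shared by all the output files. The loop bodies continue outside these hunks.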
@@ -93,6 +94,8 @@ output_bird2(FILE *out, struct vrp_tree *vrps, struct stats *st) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char buf[64]; + if (v->afi == AFI_IPV4) { ip_addr_print(&v->addr, v->afi, buf, sizeof(buf)); if (fprintf(out, "\troute %s max %u as %u;\n", buf, @@ -106,6 +109,8 @@ output_bird2(FILE *out, struct vrp_tree *vrps, struct stats *st) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char buf[64]; + if (v->afi == AFI_IPV6) { ip_addr_print(&v->addr, v->afi, buf, sizeof(buf)); if (fprintf(out, "\troute %s max %u as %u;\n", buf, diff --git a/usr.sbin/rpki-client/output-csv.c b/usr.sbin/rpki-client/output-csv.c index be899a0f876..26033eb5ae2 100644 --- a/usr.sbin/rpki-client/output-csv.c +++ b/usr.sbin/rpki-client/output-csv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-csv.c,v 1.8 2020/09/12 15:46:48 claudio Exp $ */ +/* $OpenBSD: output-csv.c,v 1.9 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * @@ -22,13 +22,14 @@ int output_csv(FILE *out, struct vrp_tree *vrps, struct stats *st) { - char buf[64]; struct vrp *v; if (fprintf(out, "ASN,IP Prefix,Max Length,Trust Anchor\n") < 0) return -1; RB_FOREACH(v, vrp_tree, vrps) { + char buf[64]; + ip_addr_print(&v->addr, v->afi, buf, sizeof(buf)); if (fprintf(out, "AS%u,%s,%u,%s\n", v->asid, buf, v->maxlength, v->tal) < 0) diff --git a/usr.sbin/rpki-client/repo.c b/usr.sbin/rpki-client/repo.c index 981dfab5808..8f40e491d29 100644 --- a/usr.sbin/rpki-client/repo.c +++ b/usr.sbin/rpki-client/repo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: repo.c,v 1.5 2021/04/13 13:35:59 claudio Exp $ */ +/* $OpenBSD: repo.c,v 1.6 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> 
@@ -326,8 +326,6 @@ rrdp_state_filename(const struct rrdprepo *rr, int temp) static void ta_fetch(struct tarepo *tr) { - int fd; - logx("ta/%s: pulling from %s", tr->descr, tr->uri[tr->uriidx]); if (strncasecmp(tr->uri[tr->uriidx], "rsync://", 8) == 0) { @@ -337,6 +335,8 @@ ta_fetch(struct tarepo *tr) */ rsync_fetch(tr->id, tr->uri[tr->uriidx], tr->basedir); } else { + int fd; + tr->temp = ta_filename(tr, 1); fd = mkostemp(tr->temp, O_CLOEXEC); if (fd == -1) { @@ -1151,14 +1151,10 @@ repo_cleanup(struct filepath_tree *tree) { size_t i, delsz = 0, dirsz = 0; char **del = NULL, **dir = NULL; - char *argv[4]; + char *argv[4] = { "ta", "rsync", "rrdp", NULL }; FTS *fts; FTSENT *e; - argv[0] = "ta"; - argv[1] = "rsync"; - argv[2] = "rrdp"; - argv[3] = NULL; if ((fts = fts_open(argv, FTS_PHYSICAL | FTS_NOSTAT, NULL)) == NULL) err(1, "fts_open"); errno = 0; diff --git a/usr.sbin/rpki-client/rrdp.c b/usr.sbin/rpki-client/rrdp.c index 4ac925c5272..d6dacceda55 100644 --- a/usr.sbin/rpki-client/rrdp.c +++ b/usr.sbin/rpki-client/rrdp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp.c,v 1.5 2021/04/15 13:31:30 claudio Exp $ */ +/* $OpenBSD: rrdp.c,v 1.6 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com> * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> diff --git a/usr.sbin/rpki-client/rsync.c b/usr.sbin/rpki-client/rsync.c index 6bb104122ae..d2eb4c26c7a 100644 --- a/usr.sbin/rpki-client/rsync.c +++ b/usr.sbin/rpki-client/rsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsync.c,v 1.23 2021/04/01 11:04:30 job Exp $ */ +/* $OpenBSD: rsync.c,v 1.24 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * 
@@ -116,17 +116,10 @@ proc_child(int signal) void proc_rsync(char *prog, char *bind_addr, int fd) { - size_t id, i, idsz = 0; - ssize_t ssz; - char *uri = NULL, *dst = NULL, *path, *save, *cmd; - const char *pp; - pid_t pid; - char *args[32]; - int st, rc = 0; - struct stat stt; + size_t i, idsz = 0; + int rc = 0; struct pollfd pfd; struct msgbuf msgq; - struct ibuf *b; sigset_t mask, oldmask; struct rsyncproc *ids = NULL; @@ -143,6 +136,10 @@ proc_rsync(char *prog, char *bind_addr, int fd) */ if (strchr(prog, '/') == NULL) { + const char *pp; + char *save, *cmd, *path; + struct stat stt; + if (getenv("PATH") == NULL) errx(1, "PATH is unset"); if ((path = strdup(getenv("PATH"))) == NULL) @@ -180,6 +177,12 @@ proc_rsync(char *prog, char *bind_addr, int fd) err(1, NULL); for (;;) { + char *uri = NULL, *dst = NULL; + ssize_t ssz; + size_t id; + pid_t pid; + int st; + pfd.events = POLLIN; if (msgq.queued) pfd.events |= POLLOUT; @@ -196,6 +199,7 @@ proc_rsync(char *prog, char *bind_addr, int fd) */ while ((pid = waitpid(WAIT_ANY, &st, WNOHANG)) > 0) { + struct ibuf *b; int ok = 1; for (i = 0; i < idsz; i++) @@ -265,6 +269,8 @@ proc_rsync(char *prog, char *bind_addr, int fd) err(1, "fork"); if (pid == 0) { + char *args[32]; + if (pledge("stdio exec", NULL) == -1) err(1, "pledge"); i = 0; @@ -280,6 +286,7 @@ proc_rsync(char *prog, char *bind_addr, int fd) args[i++] = uri; args[i++] = dst; args[i] = NULL; + /* XXX args overflow not prevented */ execvp(args[0], args); err(1, "%s: execvp", prog); } diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 3470884ec9d..8c3d2803dd8 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.13 2021/03/05 17:15:19 claudio Exp $ */ +/* $OpenBSD: validate.c,v 1.14 2021/04/19 17:04:35 deraadt Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * 
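Review bot: The added `/* XXX args overflow not prevented */` in the last rsync.c hunk records that the stores into `char *args[32];` are unchecked, but the commit leaves the gap open right before `execvp(args[0], args)`. The stores between `i = 0;` and `args[i++] = uri;` are outside the hunk, so whether the argument count is fixed cannot be confirmed from this page. If it is fixed, replace the XXX with a comment stating the maximum number of entries. Otherwise put a guard before the final three stores, e.g. `if (i + 3 > sizeof(args) / sizeof(args[0])) errx(1, "rsync: too many arguments");`, and apply the same bound to any earlier conditional `args[i++]` stores. This matters most if later changes append options derived from configuration or the command line.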
@@ -53,8 +53,7 @@ valid_as(struct auth *a, uint32_t min, uint32_t max) /* Does this certificate cover our AS number? */ if (a->cert->asz) { - c = as_check_covered(min, max, - a->cert->as, a->cert->asz); + c = as_check_covered(min, max, a->cert->as, a->cert->asz); if (c > 0) return 1; else if (c < 0) @@ -81,8 +80,7 @@ valid_ip(struct auth *a, enum afi afi, return 0; /* Does this certificate cover our IP prefix? */ - c = ip_addr_check_covered(afi, min, max, - a->cert->ips, a->cert->ipsz); + c = ip_addr_check_covered(afi, min, max, a->cert->ips, a->cert->ipsz); if (c > 0) return 1; else if (c < 0) |