Be stricter in what we accept as a URL. Nobody should use encodings such as UTF-8, or anything else beyond plain US-ASCII, in the embedded URLs. I also consider any kind of whitespace a failure (use %20 instead if it is really needed).
This makes later handling of URLs a lot safer (e.g. rpki-client prints part of URLs in log messages). OK? -- :wq Claudio Index: cert.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v retrieving revision 1.19 diff -u -p -r1.19 cert.c --- cert.c 24 Oct 2020 08:09:39 -0000 1.19 +++ cert.c 2 Dec 2020 13:59:48 -0000 @@ -19,6 +19,7 @@ #include <arpa/inet.h> #include <assert.h> +#include <ctype.h> #include <err.h> #include <inttypes.h> #include <stdarg.h> @@ -141,6 +142,8 @@ static int sbgp_sia_resource_notify(struct parse *p, const unsigned char *d, size_t dsz) { + size_t i; + if (p->res->notify != NULL) { warnx("%s: RFC 6487 section 4.8.8: SIA: " "Notify location already specified", p->fn); @@ -153,6 +156,14 @@ sbgp_sia_resource_notify(struct parse *p p->fn); return 0; } + /* make sure only US-ASCII chars are in the URL */ + for (i = 0; i < dsz; i++) { + if (isalnum(d[i]) || ispunct(d[i])) + continue; + warnx("%s: invalid URI", p->fn); + return 0; + } + if ((p->res->notify = strndup((const char *)d, dsz)) == NULL) err(1, NULL); @@ -168,6 +179,8 @@ static int sbgp_sia_resource_mft(struct parse *p, const unsigned char *d, size_t dsz) { + size_t i; + if (p->res->mft != NULL) { warnx("%s: RFC 6487 section 4.8.8: SIA: " "MFT location already specified", p->fn); @@ -185,7 +198,13 @@ sbgp_sia_resource_mft(struct parse *p, "invalid rsync URI suffix", p->fn); return 0; } - + /* make sure only US-ASCII chars are in the URL */ + for (i = 0; i < dsz; i++) { + if (isalnum(d[i]) || ispunct(d[i])) + continue; + warnx("%s: invalid URI", p->fn); + return 0; + } if ((p->res->mft = strndup((const char *)d, dsz)) == NULL) err(1, NULL);
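Review bot: The loop added after the `}` in the notify hunk relies on isalnum()/ispunct() to enforce the `/* make sure only US-ASCII chars are in the URL */` comment, but both functions are locale-dependent and, outside the "C" locale, classify bytes >= 0x80 (e.g. Latin-1 letters) as alphanumeric or punctuation. The intent holds today only because rpki-client presumably never calls setlocale(); to make the check hold on its own, guard the byte first, `if (d[i] < 0x80 && (isalnum(d[i]) || ispunct(d[i])))`, and say so in the comment, e.g. `/* printable US-ASCII only; reject 8-bit bytes regardless of locale */`. Since `d` is `const unsigned char *`, the ctype argument itself is in range, and NUL, control characters and whitespace fall through to the warnx(), which is what the commit wants. Note that an empty string (dsz == 0) also passes the loop; unless the scheme check above already guarantees a minimum length, it is worth rejecting here too. The enclosing sbgp_sia_resource_notify() starts and ends outside this hunk.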
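Review bot: The character loop added in the mft hunk is a byte-for-byte copy of the one in sbgp_sia_resource_notify(), which makes it easy for the two to drift apart the next time the accepted set changes. Factor it into one static helper that both SIA parsers call, and use the opportunity to tighten the set: isalnum()/ispunct() are locale-dependent, and ispunct() also admits `"`, `<`, `>`, `\`, `^`, the backquote, `{`, `|` and `}`, which RFC 3986 does not allow anywhere in a URI. The sketch below keeps the current behaviour for everything else: NUL, control characters, whitespace and 8-bit bytes are still rejected, and the warnx() text is unchanged. sbgp_sia_resource_mft() begins and ends outside this hunk.
```c
/*
 * Accept only the printable US-ASCII characters RFC 3986 permits in a
 * URI.  Independent of the locale: 8-bit bytes are rejected before the
 * ctype(3) functions see them.  NUL, control characters and whitespace
 * fail the isalnum()/ispunct() test.
 */
static int
valid_uri(const unsigned char *d, size_t dsz)
{
	size_t i;

	for (i = 0; i < dsz; i++) {
		if (d[i] >= 0x80 || !(isalnum(d[i]) || ispunct(d[i])))
			return 0;
		/* punctuation that ispunct(3) accepts but RFC 3986 forbids */
		if (strchr("\"<>\\^`{|}", d[i]) != NULL)
			return 0;
	}
	return 1;
}

/* … unchanged: sbgp_sia_resource_mft() up to the rsync suffix check … */
	if (!valid_uri(d, dsz)) {
		warnx("%s: invalid URI", p->fn);
		return 0;
	}
/* … unchanged: strndup() into p->res->mft … */
```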