CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/04/02 03:51:42
Modified files:
usr.sbin/rpki-client: gbr.c
Log message:
Minimal gbr validation and printing fixes
Job noticed a while back that one of the two .gbr in the ecosystem is
malformed. Worse, it made filemode error out in json_do_string() when
dumping JSON because its vCard is an empty octet string (which means it
is the byte string 0x04 0x00, so it contains a control character):
SEQUENCE {
# rpkiGhostbusters
OBJECT_IDENTIFIER { 1.2.840.113549.1.9.16.1.35 }
[0] {
OCTET_STRING { OCTET_STRING {} }
}
}
A valid vCard contains a printable UTF-8 string and looks like this:
SEQUENCE {
# rpkiGhostbusters
OBJECT_IDENTIFIER { 1.2.840.113549.1.9.16.1.35 }
[0] {
OCTET_STRING { "BEGIN:VCARD\r\nVERSION:4.0\r\n..." }
}
}
Now vCards are crazy complicated (despite the simplifications RFC 6493
added to the full RFC 6350 madness) since the format is overly flexible
and they are defined to contain a subset of UTF-8 (for which no sane
portable C API exists).
As a minimal sanity check/validation, verify that it starts as expected,
and strvisx() the whole thing. Again this is an ugly kludge, but better
than more complicated logic right now.
ok claudio
