CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/12/03 03:26:52
Modified files:
usr.sbin/rpki-client: ip.c
Log message:
rpki-client: fix ip_addr_afi_parse()
The somewhat weird length checks would nominally accept an octet string
of length 1, in which case the subsequent memcpy() would perform a 1-byte
overread (harmless since libcrypto 'helpfully' adds a trailing NUL) since
ip.c r1.12.
The only allowed length for an AFI are 2 and 3 per RFC 3779 and SAFI is
out, so pull the check for presence of the SAfI up and reject other
lengths != 2.
Also convert this function to opaque ASN1_STRING.
ok job
