So Ghostbusters records (RFC 6493) are showing up in RPKI datasets, and instead of silently ignoring them, rpki-client should first of all validate the file hash in the manifest and later on also validate the CMS data.
This first diff ensures that all files in an mft are present and have a valid hash (no matter whether rpki-client is able to handle them or not). While enqueuing the work for the parser, issue a warning for files that are currently not known (anything other than .crl, .cer and .roa). Seems to work for me :)

-- :wq Claudio

Index: main.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v retrieving revision 1.85 diff -u -p -r1.85 main.c --- main.c 2 Dec 2020 15:31:15 -0000 1.85 +++ main.c 7 Dec 2020 20:54:39 -0000 @@ -518,6 +518,17 @@ queue_add_from_mft_set(int fd, struct en continue; queue_add_from_mft(fd, q, mft->file, f, RTYPE_ROA, eid); } + + for (i = 0; i < mft->filesz; i++) { + f = &mft->files[i]; + sz = strlen(f->file); + assert(sz > 4); + if (strcasecmp(f->file + sz - 4, ".crl") == 0 || + strcasecmp(f->file + sz - 4, ".cer") == 0 || + strcasecmp(f->file + sz - 4, ".roa") == 0) + continue; + logx("%s: unsupported file type: %s", mft->file, f->file); + } } /* Index: mft.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v retrieving revision 1.19 diff -u -p -r1.19 mft.c --- mft.c 6 Nov 2020 04:22:18 -0000 1.19 +++ mft.c 7 Dec 2020 20:47:53 -0000 @@ -171,16 +171,6 @@ mft_parse_filehash(struct parse *p, cons goto out; } - if (strcasecmp(fn + sz - 4, ".roa") && - strcasecmp(fn + sz - 4, ".crl") && - strcasecmp(fn + sz - 4, ".cer")) { - /* ignore unknown files */ - free(fn); - fn = NULL; - rc = 1; - goto out; - } - /* Now hash value. */ hash = sk_ASN1_TYPE_value(seq, 1);
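Review bot: In the main.c hunk, `assert(sz > 4);` is the only guard on a length that comes from a file name inside a fetched manifest, and I would rather see an explicit check there. With assertions enabled, a short name aborts the whole process; with them compiled out, `f->file + sz - 4` points before the start of the string. The guarantee presumably comes from a length check earlier in mft_parse_filehash() (only its closing `goto out; }` is visible in the mft.c context), so the new loop silently depends on code in another file. Suggest replacing the assert with an `if (sz <= 4)` branch that warns and continues, or at least a comment naming the check it relies on. The three suffix comparisons also duplicate the extension list that the mft.c hunk just removed; a small helper that maps a file name to its type would keep the list in one place when the next type is added.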
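Review bot: In the mft.c hunk, dropping the "ignore unknown files" branch means entries with any extension now stay in mft->files, but nothing in the visible lines verifies their presence or hash: the new loop in main.c only calls logx() for them and does not enqueue them. If the hash comparison for every listed file already happens in code outside this diff, the commit message should name that function so the claim can be checked; if it does not, the unknown entries are still unverified after this change and the warning is the only effect. It is also worth confirming that every other consumer of mft->files filters by suffix before acting on an entry, since until now they could assume the array held only .roa, .crl and .cer names.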