When an rrdp request fails because the hash of a delta or snapshot is
incorrect the repo never finishes because the setting of
RRDP_STATE_PARSE_DONE and the call to rrdp_finished() is skipped.
The result is a hanging rpki-client until the alarm kills it after 1h.
This simple diff should fix the issue. Added extra contex to make it more
obvious why this return is bad.
--
:wq Claudio
Index: rrdp.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rrdp.c,v
retrieving revision 1.1
diff -u -p -U14 -r1.1 rrdp.c
--- rrdp.c 1 Apr 2021 16:04:48 -0000 1.1
+++ rrdp.c 6 Apr 2021 16:00:14 -0000
@@ -474,29 +474,28 @@ rrdp_data_handler(struct rrdp *s)
if ((s->state & RRDP_STATE_PARSE) == 0)
errx(1, "%s: bad parser state", s->local);
if (len == 0) {
/* parser stage finished */
close(s->infd);
s->infd = -1;
if (s->task != NOTIFICATION) {
char h[SHA256_DIGEST_LENGTH];
SHA256_Final(h, &s->ctx);
if (memcmp(s->hash, h, sizeof(s->hash)) != 0) {
s->state |= RRDP_STATE_PARSE_ERROR;
warnx("%s: bad message digest", s->local);
- return;
}
}
s->state |= RRDP_STATE_PARSE_DONE;
rrdp_finished(s);
return;
}
/* parse and maybe hash the bytes just read */
if (s->task != NOTIFICATION)
SHA256_Update(&s->ctx, buf, len);
if ((s->state & RRDP_STATE_PARSE_ERROR) == 0 &&
XML_Parse(p, buf, len, 0) != XML_STATUS_OK) {
s->state |= RRDP_STATE_PARSE_ERROR;
