On Wed, Nov 03, 2021 at 12:41:52PM -0600, Theo de Raadt wrote:
> + size_t talid; /* covered by which TAL */
>
> You shouldn't use size_t
>
> It is 32bit on ILP32 systems, and 64bit on I32LP64 machines, because the
> underlying definition is:
>
> _types.h:typedef unsigned long __size_t;
>
> So suspect you want to use int or u_int.
Other code uses size_t because the ids are used as an index into arrays.
It is overkill here: the maximum number of TALs is 8 right now. That fits in
any kind of int.
Here is an adjusted diff
--
:wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.45
diff -u -p -r1.45 cert.c
--- cert.c 2 Nov 2021 19:30:30 -0000 1.45
+++ cert.c 3 Nov 2021 18:52:55 -0000
@@ -1220,7 +1220,6 @@ cert_free(struct cert *p)
free(p->aia);
free(p->aki);
free(p->ski);
- free(p->tal);
free(p->pubkey);
X509_free(p->x509);
free(p);
@@ -1263,13 +1262,14 @@ cert_buffer(struct ibuf *b, const struct
{
size_t i;
- io_simple_buffer(b, &p->expires, sizeof(time_t));
- io_simple_buffer(b, &p->purpose, sizeof(enum cert_purpose));
- io_simple_buffer(b, &p->ipsz, sizeof(size_t));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
+ io_simple_buffer(b, &p->purpose, sizeof(p->purpose));
+ io_simple_buffer(b, &p->talid, sizeof(p->talid));
+ io_simple_buffer(b, &p->ipsz, sizeof(p->ipsz));
for (i = 0; i < p->ipsz; i++)
cert_ip_buffer(b, &p->ips[i]);
- io_simple_buffer(b, &p->asz, sizeof(size_t));
+ io_simple_buffer(b, &p->asz, sizeof(p->asz));
for (i = 0; i < p->asz; i++)
cert_as_buffer(b, &p->as[i]);
io_str_buffer(b, p->mft);
@@ -1279,7 +1279,6 @@ cert_buffer(struct ibuf *b, const struct
io_str_buffer(b, p->aia);
io_str_buffer(b, p->aki);
io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
io_str_buffer(b, p->pubkey);
}
@@ -1325,9 +1324,10 @@ cert_read(struct ibuf *b)
if ((p = calloc(1, sizeof(struct cert))) == NULL)
err(1, NULL);
- io_read_buf(b, &p->expires, sizeof(time_t));
- io_read_buf(b, &p->purpose, sizeof(enum cert_purpose));
- io_read_buf(b, &p->ipsz, sizeof(size_t));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
+ io_read_buf(b, &p->purpose, sizeof(p->purpose));
+ io_read_buf(b, &p->talid, sizeof(p->talid));
+ io_read_buf(b, &p->ipsz, sizeof(p->ipsz));
p->ips = calloc(p->ipsz, sizeof(struct cert_ip));
if (p->ips == NULL)
@@ -1335,7 +1335,7 @@ cert_read(struct ibuf *b)
for (i = 0; i < p->ipsz; i++)
cert_ip_read(b, &p->ips[i]);
- io_read_buf(b, &p->asz, sizeof(size_t));
+ io_read_buf(b, &p->asz, sizeof(p->asz));
p->as = calloc(p->asz, sizeof(struct cert_as));
if (p->as == NULL)
err(1, NULL);
@@ -1349,7 +1349,6 @@ cert_read(struct ibuf *b)
io_read_str(b, &p->aia);
io_read_str(b, &p->aki);
io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
io_read_str(b, &p->pubkey);
assert(p->mft != NULL || p->purpose == CERT_PURPOSE_BGPSEC_ROUTER);
@@ -1406,8 +1405,7 @@ insert_brk(struct brk_tree *tree, struct
b->asid = asid;
b->expires = cert->expires;
- if ((b->tal = strdup(cert->tal)) == NULL)
- err(1, NULL);
+ b->talid = cert->talid;
if ((b->ski = strdup(cert->ski)) == NULL)
err(1, NULL);
if ((b->pubkey = strdup(cert->pubkey)) == NULL)
@@ -1420,13 +1418,10 @@ insert_brk(struct brk_tree *tree, struct
if ((found = RB_INSERT(brk_tree, tree, b)) != NULL) {
if (found->expires < b->expires) {
found->expires = b->expires;
- free(found->tal);
- found->tal = b->tal;
- b->tal = NULL;
+ found->talid = b->talid;
}
free(b->ski);
free(b->pubkey);
- free(b->tal);
free(b);
}
}
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.89
diff -u -p -r1.89 extern.h
--- extern.h 3 Nov 2021 10:50:18 -0000 1.89
+++ extern.h 3 Nov 2021 18:51:02 -0000
@@ -118,6 +118,7 @@ struct cert {
size_t ipsz; /* length of "ips" */
struct cert_as *as; /* list of AS numbers and ranges */
size_t asz; /* length of "asz" */
+ int talid; /* cert is covered by which TAL */
char *repo; /* CA repository (rsync:// uri) */
char *mft; /* manifest (rsync:// uri) */
char *notify; /* RRDP notify (https:// uri) */
@@ -125,8 +126,7 @@ struct cert {
char *aia; /* AIA (or NULL, for trust anchor) */
char *aki; /* AKI (or NULL, for trust anchor) */
char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
- enum cert_purpose purpose; /* Certificate Purpose (BGPSec or CA)
*/
+ enum cert_purpose purpose; /* BGPSec or CA */
char *pubkey; /* Subject Public Key Info */
X509 *x509; /* the cert */
time_t expires; /* do not use after */
@@ -145,6 +145,7 @@ struct tal {
unsigned char *pkey; /* DER-encoded public key */
size_t pkeysz; /* length of pkey */
char *descr; /* basename of tal file */
+ int id; /* ID of this TAL */
};
/*
@@ -192,11 +193,11 @@ struct roa {
uint32_t asid; /* asID of ROA (if 0, RFC 6483 sec 4) */
struct roa_ip *ips; /* IP prefixes */
size_t ipsz; /* number of IP prefixes */
+ int talid; /* ROAs are covered by which TAL */
int valid; /* validated resources */
char *aia; /* AIA */
char *aki; /* AKI */
char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
time_t expires; /* do not use after */
};
@@ -216,8 +217,8 @@ struct gbr {
struct vrp {
RB_ENTRY(vrp) entry;
struct ip_addr addr;
+ int talid; /* covered by which TAL */
uint32_t asid;
- char *tal; /* basename of TAL for this cert */
enum afi afi;
unsigned char maxlength;
time_t expires; /* transitive expiry moment */
@@ -234,7 +235,7 @@ RB_PROTOTYPE(vrp_tree, vrp, entry, vrpcm
struct brk {
RB_ENTRY(brk) entry;
uint32_t asid;
- char *tal; /* basename of TAL for this key */
+ int talid; /* covered by which TAL */
char *ski; /* Subject Key Identifier */
char *pubkey; /* Subject Public Key Info */
time_t expires; /* transitive expiry moment */
@@ -340,7 +341,7 @@ struct entity {
int has_data; /* whether data blob is specified */
unsigned char *data; /* optional data blob */
size_t datasz; /* length of optional data blob */
- char *descr; /* tal description */
+ int talid; /* tal identifier */
TAILQ_ENTRY(entity) entries;
};
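Review bot: The new `talid` member of struct entity is documented only as `/* tal identifier */`, but the entityq_add callers in main.c pass `-1` for manifests and certificates that are not queued directly from a TAL (queue_add_from_mft, queue_add_from_cert), so the field carries a sentinel the comment should name: `int talid; /* tal identifier, -1 if not queued from a TAL */`. The `talid` members added to struct cert, roa, vrp and brk elsewhere in this file are, as far as the diff shows, always copied from a parent cert or a TAL id, so the sentinel appears to apply only here.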
TAILQ_HEAD(entityq, entity);
@@ -377,7 +378,6 @@ struct stats {
size_t del_files; /* number of files removed in cleanup */
size_t del_dirs; /* number of directories removed in cleanup */
size_t brks; /* number of BGPsec Router Key (BRK) certificates */
- char *talnames;
struct timeval elapsed_time;
struct timeval user_time;
struct timeval system_time;
@@ -388,6 +388,9 @@ struct msgbuf;
/* global variables */
extern int verbose;
+extern const char *tals[];
+extern const char *taldescs[];
+extern size_t talsz;
/* Routines for RPKI entities. */
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.160
diff -u -p -r1.160 main.c
--- main.c 1 Nov 2021 17:00:34 -0000 1.160
+++ main.c 3 Nov 2021 17:59:27 -0000
@@ -49,6 +49,10 @@
*/
#define TALSZ_MAX 8
+const char *tals[TALSZ_MAX];
+const char *taldescs[TALSZ_MAX];
+size_t talsz;
+
size_t entity_queue;
int timeout = 60*60;
volatile sig_atomic_t killme;
@@ -90,7 +94,6 @@ entity_free(struct entity *ent)
free(ent->data);
free(ent->file);
- free(ent->descr);
free(ent);
}
@@ -103,8 +106,8 @@ void
entity_read_req(struct ibuf *b, struct entity *ent)
{
io_read_buf(b, &ent->type, sizeof(ent->type));
+ io_read_buf(b, &ent->talid, sizeof(ent->talid));
io_read_str(b, &ent->file);
- io_read_str(b, &ent->descr);
io_read_buf(b, &ent->has_data, sizeof(ent->has_data));
if (ent->has_data)
io_read_buf_alloc(b, (void **)&ent->data, &ent->datasz);
@@ -127,8 +130,8 @@ entity_write_req(const struct entity *en
b = io_new_buffer();
io_simple_buffer(b, &ent->type, sizeof(ent->type));
+ io_simple_buffer(b, &ent->talid, sizeof(ent->talid));
io_str_buffer(b, ent->file);
- io_str_buffer(b, ent->descr);
io_simple_buffer(b, &ent->has_data, sizeof(int));
if (ent->has_data)
io_buf_buffer(b, ent->data, ent->datasz);
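Review bot: The new `io_simple_buffer(b, &ent->talid, sizeof(ent->talid))` line sits directly above `io_simple_buffer(b, &ent->has_data, sizeof(int))`, so the hunk now mixes the field-based sizeof form the rest of the diff converts to with the type-based form it is converting away from; `io_simple_buffer(b, &ent->has_data, sizeof(ent->has_data));` would make the hunk consistent. The roa_buffer hunk in roa.c has the same mix, with `sizeof(enum afi)` on the `ips[i].afi` line next to the converted lines. This is style only, the sizes are identical.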
@@ -169,7 +172,7 @@ entityq_flush(struct entityq *q, struct
*/
static void
entityq_add(char *file, enum rtype type, struct repo *rp,
- unsigned char *data, size_t datasz, char *descr)
+ unsigned char *data, size_t datasz, int talid)
{
struct entity *p;
@@ -177,15 +180,13 @@ entityq_add(char *file, enum rtype type,
err(1, NULL);
p->type = type;
+ p->talid = talid;
p->file = file;
p->has_data = data != NULL;
if (p->has_data) {
p->data = data;
p->datasz = datasz;
}
- if (descr != NULL)
- if ((p->descr = strdup(descr)) == NULL)
- err(1, NULL);
entity_queue++;
@@ -336,7 +337,7 @@ queue_add_from_mft(const char *mft, cons
* that the repository has already been loaded.
*/
- entityq_add(nfile, type, NULL, NULL, 0, NULL);
+ entityq_add(nfile, type, NULL, NULL, 0, -1);
}
/*
@@ -384,7 +385,7 @@ queue_add_from_mft_set(const struct mft
* Add a local TAL file (RFC 7730) to the queue of files to fetch.
*/
static void
-queue_add_tal(const char *file)
+queue_add_tal(const char *file, int id)
{
unsigned char *buf;
char *nfile;
@@ -398,21 +399,8 @@ queue_add_tal(const char *file)
return;
}
- /* Record tal for later reporting */
- if (stats.talnames == NULL) {
- if ((stats.talnames = strdup(file)) == NULL)
- err(1, NULL);
- } else {
- char *tmp;
-
- if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1)
- err(1, NULL);
- free(stats.talnames);
- stats.talnames = tmp;
- }
-
/* Not in a repository, so directly add to queue. */
- entityq_add(nfile, RTYPE_TAL, NULL, buf, len, NULL);
+ entityq_add(nfile, RTYPE_TAL, NULL, buf, len, id);
}
/*
@@ -426,6 +414,9 @@ queue_add_from_tal(struct tal *tal)
assert(tal->urisz);
+ if ((taldescs[tal->id] = strdup(tal->descr)) == NULL)
+ err(1, NULL);
+
/* Look up the repository. */
repo = ta_lookup(tal);
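Review bot: `tal->id` is used as an index into `taldescs[TALSZ_MAX]` without a range check, and it arrives from the parser process through tal_read() (the tal.c hunk adding `io_read_buf(b, &p->id, sizeof(p->id))`), so the main process indexes a fixed array with a value that crossed a pipe. Adding `if (tal->id < 0 || tal->id >= TALSZ_MAX) errx(1, "invalid TAL id %d", tal->id);` before the strdup bounds it where it enters. The same unchecked indexing appears at the output sites, `taldescs[v->talid]` in output-csv.c and `taldescs[v->talid]`/`taldescs[b->talid]` in output-json.c, where a slot that was never assigned would be handed to `%s` as NULL; the cert_read() and roa_read() hunks in cert.c and roa.c read `talid` from the same channel and are the alternative place for the check. queue_add_from_tal's body continues outside the hunk.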
@@ -433,7 +424,7 @@ queue_add_from_tal(struct tal *tal)
data = tal->pkey;
tal->pkey = NULL;
entityq_add(NULL, RTYPE_CER, repo, data,
- tal->pkeysz, tal->descr);
+ tal->pkeysz, tal->id);
}
/*
@@ -453,7 +444,7 @@ queue_add_from_cert(const struct cert *c
if ((nfile = strdup(cert->mft)) == NULL)
err(1, NULL);
- entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, NULL);
+ entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, -1);
}
/*
@@ -609,7 +600,7 @@ rrdp_process(struct ibuf *b)
* Don't exceded "max" filenames.
*/
static size_t
-tal_load_default(const char *tals[], size_t max)
+tal_load_default(void)
{
static const char *confdir = "/etc/rpki";
size_t s = 0;
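Review bot: The header comment above tal_load_default still says `* Don't exceded "max" filenames.` although this hunk removes the `max` parameter and the limit is now the file-scope `TALSZ_MAX`; I would change it to `* Never load more than TALSZ_MAX filenames.` and add a sentence saying the paths are stored in the global `tals[]` rather than in a caller-supplied array, since that is the other change to the contract. The rest of the comment and the function body lie outside the hunk.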
@@ -623,7 +614,7 @@ tal_load_default(const char *tals[], siz
while ((dp = readdir(dirp)) != NULL) {
if (fnmatch("*.tal", dp->d_name, FNM_PERIOD) == FNM_NOMATCH)
continue;
- if (s >= max)
+ if (s >= TALSZ_MAX)
err(1, "too many tal files found in %s",
confdir);
if (asprintf(&path, "%s/%s", confdir, dp->d_name) == -1)
@@ -672,7 +663,7 @@ main(int argc, char *argv[])
{
int rc, c, st, proc, rsync, http, rrdp, ok, hangup = 0;
int fl = SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK;
- size_t i, id, talsz = 0;
+ size_t i, id;
pid_t pid, procpid, rsyncpid, httppid, rrdppid;
int fd[2];
struct pollfd pfd[NPFD];
@@ -682,7 +673,7 @@ main(int argc, char *argv[])
char *rsync_prog = "openrsync";
char *bind_addr = NULL;
const char *cachedir = NULL, *outputdir = NULL;
- const char *tals[TALSZ_MAX], *errs, *name;
+ const char *errs, *name;
const char *file = NULL;
struct vrp_tree vrps = RB_INITIALIZER(&vrps);
struct brk_tree brks = RB_INITIALIZER(&brks);
@@ -799,7 +790,7 @@ main(int argc, char *argv[])
outformats = FORMAT_OPENBGPD;
if (talsz == 0)
- talsz = tal_load_default(tals, TALSZ_MAX);
+ talsz = tal_load_default();
if (talsz == 0)
err(1, "no TAL files found in %s", "/etc/rpki");
@@ -999,7 +990,7 @@ main(int argc, char *argv[])
*/
for (i = 0; i < talsz; i++)
- queue_add_tal(tals[i]);
+ queue_add_tal(tals[i], i);
/* change working directory to the cache directory */
if (fchdir(cachefd) == -1)
@@ -1170,7 +1161,6 @@ main(int argc, char *argv[])
if (outputfiles(&vrps, &brks, &stats))
rc = 1;
-
logx("Processing time %lld seconds "
"(%lld seconds user, %lld seconds system)",
(long long)stats.elapsed_time.tv_sec,
@@ -1181,7 +1171,8 @@ main(int argc, char *argv[])
logx("BGPsec Router Certificates: %zu", stats.brks);
logx("Certificates: %zu (%zu invalid)",
stats.certs, stats.certs_fail);
- logx("Trust Anchor Locators: %zu", stats.tals);
+ logx("Trust Anchor Locators: %zu (%zu invalid)",
+ stats.tals, talsz - stats.tals);
logx("Manifests: %zu (%zu failed parse, %zu stale)",
stats.mfts, stats.mfts_fail, stats.mfts_stale);
logx("Certificate revocation lists: %zu", stats.crls);
Index: output-csv.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-csv.c,v
retrieving revision 1.11
diff -u -p -r1.11 output-csv.c
--- output-csv.c 11 Oct 2021 16:50:03 -0000 1.11
+++ output-csv.c 3 Nov 2021 17:47:36 -0000
@@ -34,7 +34,8 @@ output_csv(FILE *out, struct vrp_tree *v
ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
if (fprintf(out, "AS%u,%s,%u,%s,%lld\n", v->asid, buf,
- v->maxlength, v->tal, (long long)v->expires) < 0)
+ v->maxlength, taldescs[v->talid],
+ (long long)v->expires) < 0)
return -1;
}
return 0;
Index: output-json.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-json.c,v
retrieving revision 1.21
diff -u -p -r1.21 output-json.c
--- output-json.c 1 Nov 2021 17:00:34 -0000 1.21
+++ output-json.c 3 Nov 2021 17:48:29 -0000
@@ -28,6 +28,7 @@ outputheader_json(FILE *out, struct stat
char hn[NI_MAXHOST], tbuf[26];
struct tm *tp;
time_t t;
+ size_t i;
time(&t);
setenv("TZ", "UTC", 1);
@@ -50,7 +51,24 @@ outputheader_json(FILE *out, struct stat
"\t\t\"certificates\": %zu,\n"
"\t\t\"invalidcertificates\": %zu,\n"
"\t\t\"tals\": %zu,\n"
- "\t\t\"talfiles\": \"%s\",\n"
+ "\t\t\"invalidtals\": %zu,\n"
+ "\t\t\"talfiles\": [\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail,
+ st->tals, talsz - st->tals) < 0)
+ return -1;
+
+ for (i = 0; i < talsz; i++) {
+ if (fprintf(out,
+ "\t\t\t\"%s\"%s\n",
+ tals[i], i == talsz - 1 ? "" : ",") < 0)
+ return -1;
+ }
+
+ if (fprintf(out,
+ "\t\t],\n"
"\t\t\"manifests\": %zu,\n"
"\t\t\"failedmanifests\": %zu,\n"
"\t\t\"stalemanifests\": %zu,\n"
@@ -62,11 +80,6 @@ outputheader_json(FILE *out, struct stat
"\t\t\"cachedir_del_files\": %zu,\n"
"\t\t\"cachedir_del_dirs\": %zu\n"
"\t},\n\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
st->mfts, st->mfts_fail, st->mfts_stale,
st->crls,
st->gbrs,
@@ -103,7 +116,8 @@ output_json(FILE *out, struct vrp_tree *
if (fprintf(out, "\t\t{ \"asn\": %u, \"prefix\": \"%s\", "
"\"maxLength\": %u, \"ta\": \"%s\", \"expires\": %lld }",
- v->asid, buf, v->maxlength, v->tal, (long long)v->expires)
+ v->asid, buf, v->maxlength, taldescs[v->talid],
+ (long long)v->expires)
< 0)
return -1;
}
@@ -121,7 +135,7 @@ output_json(FILE *out, struct vrp_tree *
if (fprintf(out, "\t\t{ \"asn\": %u, \"ski\": \"%s\", "
"\"pubkey\": \"%s\", \"ta\": \"%s\", \"expires\": %lld }",
- b->asid, b->ski, b->pubkey, b->tal,
+ b->asid, b->ski, b->pubkey, taldescs[b->talid],
(long long)b->expires) < 0)
return -1;
}
Index: output.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v
retrieving revision 1.23
diff -u -p -r1.23 output.c
--- output.c 1 Nov 2021 17:00:34 -0000 1.23
+++ output.c 3 Nov 2021 18:19:15 -0000
@@ -201,6 +201,7 @@ outputheader(FILE *out, struct stats *st
char hn[NI_MAXHOST], tbuf[80];
struct tm *tp;
time_t t;
+ size_t i;
time(&t);
setenv("TZ", "UTC", 1);
@@ -211,21 +212,31 @@ outputheader(FILE *out, struct stats *st
if (fprintf(out,
"# Generated on host %s at %s\n"
- "# Processing time %lld seconds (%lld seconds user, %lld seconds
system)\n"
+ "# Processing time %lld seconds (%llds user, %llds system)\n"
"# Route Origin Authorizations: %zu (%zu failed parse, %zu
invalid)\n"
"# BGPsec Router Certificates: %zu\n"
- "# Certificates: %zu (%zu invalid)\n"
- "# Trust Anchor Locators: %zu (%s)\n"
+ "# Certificates: %zu (%zu invalid)\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail) < 0)
+ return -1;
+
+ if (fprintf(out,
+ "# Trust Anchor Locators: %zu (%zu invalid) [", st->tals,
+ talsz - st->tals) < 0)
+ return -1;
+ for (i = 0; i < talsz; i++)
+ if (fprintf(out, " %s", tals[i]) < 0)
+ return -1;
+
+ if (fprintf(out,
+ " ]\n"
"# Manifests: %zu (%zu failed parse, %zu stale)\n"
"# Certificate revocation lists: %zu\n"
"# Ghostbuster records: %zu\n"
"# Repositories: %zu\n"
"# VRP Entries: %zu (%zu unique)\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
st->mfts, st->mfts_fail, st->mfts_stale,
st->crls,
st->gbrs,
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.26
diff -u -p -r1.26 parser.c
--- parser.c 3 Nov 2021 10:50:18 -0000 1.26
+++ parser.c 3 Nov 2021 18:01:58 -0000
@@ -233,8 +233,7 @@ proc_parser_cert(const struct entity *en
sk_X509_free(chain);
sk_X509_CRL_free(crls);
- if ((cert->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ cert->talid = a->cert->talid;
/* Validate the cert to get the parent */
if (!valid_cert(entp->file, &auths, cert)) {
@@ -319,8 +318,7 @@ proc_parser_root_cert(const struct entit
goto badcert;
}
- if ((cert->tal = strdup(entp->descr)) == NULL)
- err(1, NULL);
+ cert->talid = entp->talid;
/*
* Add valid roots to the RPKI auth tree.
@@ -521,6 +519,7 @@ parse_entity(struct entityq *q, struct m
entp->datasz)) == NULL)
errx(1, "%s: could not parse tal file",
entp->file);
+ tal->id = entp->talid;
tal_buffer(b, tal);
tal_free(tal);
break;
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.30
diff -u -p -r1.30 roa.c
--- roa.c 28 Oct 2021 09:02:19 -0000 1.30
+++ roa.c 3 Nov 2021 18:56:05 -0000
@@ -409,7 +409,6 @@ roa_free(struct roa *p)
free(p->aki);
free(p->ski);
free(p->ips);
- free(p->tal);
free(p);
}
@@ -422,10 +421,11 @@ roa_buffer(struct ibuf *b, const struct
{
size_t i;
- io_simple_buffer(b, &p->valid, sizeof(int));
- io_simple_buffer(b, &p->asid, sizeof(uint32_t));
- io_simple_buffer(b, &p->ipsz, sizeof(size_t));
- io_simple_buffer(b, &p->expires, sizeof(time_t));
+ io_simple_buffer(b, &p->valid, sizeof(p->valid));
+ io_simple_buffer(b, &p->asid, sizeof(p->asid));
+ io_simple_buffer(b, &p->talid, sizeof(p->talid));
+ io_simple_buffer(b, &p->ipsz, sizeof(p->ipsz));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
for (i = 0; i < p->ipsz; i++) {
io_simple_buffer(b, &p->ips[i].afi, sizeof(enum afi));
@@ -438,7 +438,6 @@ roa_buffer(struct ibuf *b, const struct
io_str_buffer(b, p->aia);
io_str_buffer(b, p->aki);
io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
}
/*
@@ -455,10 +454,11 @@ roa_read(struct ibuf *b)
if ((p = calloc(1, sizeof(struct roa))) == NULL)
err(1, NULL);
- io_read_buf(b, &p->valid, sizeof(int));
- io_read_buf(b, &p->asid, sizeof(uint32_t));
- io_read_buf(b, &p->ipsz, sizeof(size_t));
- io_read_buf(b, &p->expires, sizeof(time_t));
+ io_read_buf(b, &p->valid, sizeof(p->valid));
+ io_read_buf(b, &p->asid, sizeof(p->asid));
+ io_read_buf(b, &p->talid, sizeof(p->talid));
+ io_read_buf(b, &p->ipsz, sizeof(p->ipsz));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
if ((p->ips = calloc(p->ipsz, sizeof(struct roa_ip))) == NULL)
err(1, NULL);
@@ -474,8 +474,7 @@ roa_read(struct ibuf *b)
io_read_str(b, &p->aia);
io_read_str(b, &p->aki);
io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
- assert(p->aia && p->aki && p->ski && p->tal);
+ assert(p->aia && p->aki && p->ski);
return p;
}
@@ -499,8 +498,7 @@ roa_insert_vrps(struct vrp_tree *tree, s
v->addr = roa->ips[i].addr;
v->maxlength = roa->ips[i].maxlength;
v->asid = roa->asid;
- if ((v->tal = strdup(roa->tal)) == NULL)
- err(1, NULL);
+ v->talid = roa->talid;
v->expires = roa->expires;
/*
@@ -512,12 +510,9 @@ roa_insert_vrps(struct vrp_tree *tree, s
/* already exists */
if (found->expires < v->expires) {
/* update found with preferred data */
- found->expires = roa->expires;
- free(found->tal);
- found->tal = v->tal;
- v->tal = NULL;
+ found->talid = v->talid;
+ found->expires = v->expires;
}
- free(v->tal);
free(v);
} else
(*uniqs)++;
Index: tal.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
retrieving revision 1.32
diff -u -p -r1.32 tal.c
--- tal.c 26 Oct 2021 16:12:54 -0000 1.32
+++ tal.c 3 Nov 2021 18:56:40 -0000
@@ -213,9 +213,10 @@ tal_buffer(struct ibuf *b, const struct
{
size_t i;
+ io_simple_buffer(b, &p->id, sizeof(p->id));
io_buf_buffer(b, p->pkey, p->pkeysz);
io_str_buffer(b, p->descr);
- io_simple_buffer(b, &p->urisz, sizeof(size_t));
+ io_simple_buffer(b, &p->urisz, sizeof(p->urisz));
for (i = 0; i < p->urisz; i++)
io_str_buffer(b, p->uri[i]);
@@ -235,9 +236,10 @@ tal_read(struct ibuf *b)
if ((p = calloc(1, sizeof(struct tal))) == NULL)
err(1, NULL);
+ io_read_buf(b, &p->id, sizeof(p->id));
io_read_buf_alloc(b, (void **)&p->pkey, &p->pkeysz);
io_read_str(b, &p->descr);
- io_read_buf(b, &p->urisz, sizeof(size_t));
+ io_read_buf(b, &p->urisz, sizeof(p->urisz));
assert(p->pkeysz > 0);
assert(p->descr);
assert(p->urisz > 0);
Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
retrieving revision 1.21
diff -u -p -r1.21 validate.c
--- validate.c 1 Nov 2021 09:12:18 -0000 1.21
+++ validate.c 3 Nov 2021 17:52:05 -0000
@@ -217,8 +217,7 @@ valid_roa(const char *fn, struct auth_tr
if (a == NULL)
return 0;
- if ((roa->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ roa->talid = a->cert->talid;
for (i = 0; i < roa->ipsz; i++) {
if (valid_ip(a, roa->ips[i].afi, roa->ips[i].min,