In sbgp_asrange() and sbgp_addr_range(), the ASN1_SEQUENCE_ANY *seq is
potentially leaked due to early return 0 instead of goto out. The last
hunk collides with my IPAddrBlocks diff. Sending this out so I don't
forget.
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.71
diff -u -p -r1.71 cert.c
--- cert.c 21 Apr 2022 12:59:03 -0000 1.71
+++ cert.c 10 May 2022 11:35:57 -0000
@@ -161,7 +161,7 @@ sbgp_asrange(struct parse *p, const unsi
if (!as_id_parse(t->value.integer, &as.range.min)) {
warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
"malformed AS identifier", p->fn);
- return 0;
+ goto out;
}
t = sk_ASN1_TYPE_value(seq, 1);
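Review bot: The new `goto out;` in both sbgp_asrange() hunks and in the sbgp_addr_range() hunk only keeps reporting failure if `rc` is still 0 when the jump is taken, and neither the initialisation of `rc` nor the `out:` label is visible here, so this should be confirmed against the full functions. In sbgp_addr_range() the visible `rc = append_ip(p, ip);` comes after the jump, which suggests `rc` is still unset at that point, but a non-zero `rc` reaching `out` would turn a parse failure into an apparent success, which is worse than the leak being fixed. These branches are taken on malformed AS identifiers and reversed address ranges, so presumably on input the parser cannot trust; it is worth checking the other failure branches after `seq` is obtained for further bare `return 0;`. A short comment at the declaration would help keep it that way, for example `/* seq is owned here; every failure path after it is parsed must exit via out */`. All three hunks sit inside functions that start and end outside the visible lines.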
@@ -174,7 +174,7 @@ sbgp_asrange(struct parse *p, const unsi
if (!as_id_parse(t->value.integer, &as.range.max)) {
warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
"malformed AS identifier", p->fn);
- return 0;
+ goto out;
}
if (as.range.max == as.range.min) {
@@ -471,7 +471,7 @@ sbgp_addr_range(struct parse *p, struct
if (!ip_cert_compose_ranges(ip)) {
warnx("%s: RFC 3779 section 2.2.3.9: IPAddressRange: "
"IP address range reversed", p->fn);
- return 0;
+ goto out;
}
rc = append_ip(p, ip);