On Tue, May 10, 2022 at 01:47:44PM +0200, Theo Buehler wrote:
> In sbgp_asrange() and sbgp_addr_range(), the ASN1_SEQUENCE_ANY *seq is
> potentially leaked due to early return 0 instead of goto out. The last
> hunk collides with my IPAddrBlocks diff. Sending this out so I don't
> forget.
>
> Index: cert.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> retrieving revision 1.71
> diff -u -p -r1.71 cert.c
> --- cert.c 21 Apr 2022 12:59:03 -0000 1.71
> +++ cert.c 10 May 2022 11:35:57 -0000
> @@ -161,7 +161,7 @@ sbgp_asrange(struct parse *p, const unsi
> if (!as_id_parse(t->value.integer, &as.range.min)) {
> warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
> "malformed AS identifier", p->fn);
> - return 0;
> + goto out;
> }
>
> t = sk_ASN1_TYPE_value(seq, 1);
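Review bot: The `goto out;` that replaces `return 0;` here reports failure only if `rc` still holds 0 when control reaches `out:`, and neither the initialisation of `rc` nor the `out:` label is visible in this hunk. The same applies to the second sbgp_asrange() hunk and to the sbgp_addr_range() hunk, where `rc` is only assigned by `append_ip()` after the jump. It is worth confirming that `rc` starts at 0 in both functions and that `out:` releases `seq`, presumably with `sk_ASN1_TYPE_pop_free(seq, ASN1_TYPE_free);`. These branches are taken on malformed AS identifiers and reversed address ranges in a parsed certificate, so the party supplying the object controls how often they run. Both function bodies begin and end outside the hunks.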
> @@ -174,7 +174,7 @@ sbgp_asrange(struct parse *p, const unsi
> if (!as_id_parse(t->value.integer, &as.range.max)) {
> warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
> "malformed AS identifier", p->fn);
> - return 0;
> + goto out;
> }
>
> if (as.range.max == as.range.min) {
> @@ -471,7 +471,7 @@ sbgp_addr_range(struct parse *p, struct
> if (!ip_cert_compose_ranges(ip)) {
> warnx("%s: RFC 3779 section 2.2.3.9: IPAddressRange: "
> "IP address range reversed", p->fn);
> - return 0;
> + goto out;
> }
>
> rc = append_ip(p, ip);
>
OK claudio@
--
:wq Claudio