On Wed, Nov 09, 2022 at 06:07:47PM +0000, Job Snijders wrote:
> Hi all,
>
> The ASN.1 profile in draft-ietf-sidrops-rfc6482bis section 4
> https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rfc6482bis-01
> specifies that there must not be more than 2 ipAddrBlocks (one for IPv4,
> and one for IPv6). This changeset enforces that constraint. Compatible
> with all published ROAs.
>
> OK?
>
> Kind regards,
>
> Job
>
> Index: roa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
> retrieving revision 1.55
> diff -u -p -r1.55 roa.c
> --- roa.c 4 Nov 2022 09:43:13 -0000 1.55
> +++ roa.c 9 Nov 2022 18:04:59 -0000
> @@ -111,6 +111,7 @@ roa_parse_econtent(const unsigned char *
> long maxlen;
> struct ip_addr ipaddr;
> struct roa_ip *res;
> + int ipaddrblocksz;
> int i, j, rc = 0;
>
> if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
> @@ -128,7 +129,14 @@ roa_parse_econtent(const unsigned char *
> goto out;
> }
>
> - for (i = 0; i < sk_ROAIPAddressFamily_num(roa->ipAddrBlocks); i++) {
> + ipaddrblocksz = sk_ROAIPAddressFamily_num(roa->ipAddrBlocks);
> + if (ipaddrblocksz > 2) {
> + warnx("%s: draft-rfc6482bis: too many ipAddrBlocks (got %i, "
Please use %d
> + "expected 1 or 2)", p->fn, ipaddrblocksz);
I'd prefer having the parens open and close on the same line
ok tb
> + goto out;
> + }
> +
> + for (i = 0; i < ipaddrblocksz; i++) {
> addrfam = sk_ROAIPAddressFamily_value(roa->ipAddrBlocks, i);
> addrs = addrfam->addresses;
> addrsz = sk_ROAIPAddress_num(addrs);
>
