Strengthen the TAL parser

Prevents segfaults when there's no blank line between the URI
section and the public key, as well as when the file is empty.

Fixes #1.

diff --git a/src/object/certificate.c b/src/object/certificate.c
index b1d64c3572c42749c5b2157f9e73d6f39655c897..dc553471b1ca8a57bebb0f54bae2ae42a4ecd603 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -202,6 +202,10 @@ validate_spki(const unsigned char *cert_spk, int cert_spk_len)
         * trouble. We'll have to decode the TAL's SPKI though.
         */
 
+       /*
+        * TODO we're decoding the TAL's public key, but the stacked file name
+        * is the certificate's. It looks weird when it errors.
+        */
        tal_get_spki(tal, &_tal_spki, &_tal_spki_len);
        error = asn1_decode(_tal_spki, _tal_spki_len,
            &asn_DEF_SubjectPublicKeyInfo, (void **) &tal_spki);

diff --git a/src/object/tal.c b/src/object/tal.c
index 4022b6ccfaf9a90290eacec56e0a8c6c0554f1c7..14b97193985971d4234896f968e62082cd65b819 100644 (file)
--- a/src/object/tal.c
+++ b/src/object/tal.c
@@ -71,9 +71,11 @@ read_uris(struct line_file *lfile, struct uris *uris)
        if (error)
                return error;
 
+       if (uri == NULL)
+               return pr_err("TAL file is empty.");
        if (strcmp(uri, "") == 0) {
                free(uri);
-               return pr_err("TAL file contains no URIs");
+               return pr_err("There's no URI in the first line of the TAL.");
        }
 
        error = uris_add(uris, uri);
@@ -85,6 +87,8 @@ read_uris(struct line_file *lfile, struct uris *uris)
                if (error)
                        return error;
 
+               if (uri == NULL)
+                       return pr_err("TAL file ended prematurely. (Expected URI list, blank line and public key.)");
                if (strcmp(uri, "") == 0) {
                        free(uri);
                        return 0; /* Happy path */