From: pcarana Date: Fri, 1 Feb 2019 01:30:44 +0000 (-0600) Subject: Adapt types from long to INTEGER_t X-Git-Tag: v0.0.2~98^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=33fafb82a157fe9488455e9d5eefde9b13b5bac0;p=thirdparty%2FFORT-validator.git Adapt types from long to INTEGER_t --- diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c index 5004181a..08236a89 100644 --- a/src/asn1/signed_data.c +++ b/src/asn1/signed_data.c @@ -243,6 +243,7 @@ validate(struct SignedData *sdata, struct signed_object_args *args) { struct SignerInfo *sinfo; OCTET_STRING_t *sid = NULL; + unsigned long version; int error; /* rfc6488#section-2.1 */ @@ -253,9 +254,15 @@ validate(struct SignedData *sdata, struct signed_object_args *args) /* rfc6488#section-2.1.1 */ /* rfc6488#section-3.1.b */ - if (sdata->version != 3) { - return pr_err("The SignedData version is only allowed to be 3. (Was %ld.)", - sdata->version); + error = asn_INTEGER2ulong(&sdata->version, &version); + if (error) { + if (errno) + pr_errno(errno, "Error converting SignedData version: "); + return pr_err("The SignedData version isn't a valid unsigned long"); + } + if (version != 3) { + return pr_err("The SignedData version is only allowed to be 3. (Was %lu.)", + version); } /* rfc6488#section-2.1.2 */ @@ -295,9 +302,16 @@ validate(struct SignedData *sdata, struct signed_object_args *args) sinfo = sdata->signerInfos.list.array[0]; if (sinfo == NULL) return pr_err("The SignerInfo object is NULL."); - if (sinfo->version != 3) { - return pr_err("The SignerInfo version is only allowed to be 3. (Was %ld.)", - sinfo->version); + + error = asn_INTEGER2ulong(&sinfo->version, &version); + if (error) { + if (errno) + pr_errno(errno, "Error converting SignerInfo version: "); + return pr_err("The SignerInfo version isn't a valid unsigned long"); + } + if (version != 3) { + return pr_err("The SignerInfo version is only allowed to be 3. (Was %lu.)", + version); } /* rfc6488#section-2.1.6.2 */ diff --git a/src/object/manifest.c b/src/object/manifest.c index 8bd796f4..e26e1e5a 100644 --- a/src/object/manifest.c +++ b/src/object/manifest.c @@ -28,6 +28,7 @@ validate_dates(GeneralizedTime_t *this, GeneralizedTime_t *next) static int validate_manifest(struct Manifest *manifest) { + long version; bool is_sha256; int error; @@ -47,9 +48,16 @@ validate_manifest(struct Manifest *manifest) */ /* rfc6486#section-4.4.2 */ - if (manifest->version != 0) - return -EINVAL; - + if (manifest->version != NULL) { + error = asn_INTEGER2long(manifest->version, &version); + if (error) { + if (errno) + pr_errno(errno, "Error casting manifest version: "); + return pr_err("The manifest version isn't a valid long"); + } + if (version != 0) + return -EINVAL; + } /* * TODO "Manifest verifiers MUST be able to handle number values up to * 20 octets." diff --git a/src/object/roa.c b/src/object/roa.c index 5e6c3762..10f7f0b1 100644 --- a/src/object/roa.c +++ b/src/object/roa.c @@ -23,7 +23,12 @@ print_addr4(struct resources *parent, long asn, struct ROAIPAddress *roa_addr) return error; if (roa_addr->maxLength != NULL) { - max_length = *roa_addr->maxLength; + error = asn_INTEGER2long(roa_addr->maxLength, &max_length); + if (error) { + if (errno) + pr_errno(errno, "Error casting ROA's IPv4 maxLength: "); + return pr_err("The ROA's IPv4 maxLength isn't a valid long"); + } if (max_length < 0 || 32 < max_length) { return pr_err("maxLength (%ld) is out of bounds (0-32).", @@ -69,7 +74,12 @@ print_addr6(struct resources *parent, long asn, struct ROAIPAddress *roa_addr) return error; if (roa_addr->maxLength != NULL) { - max_length = *roa_addr->maxLength; + error = asn_INTEGER2long(roa_addr->maxLength, &max_length); + if (error) { + if (errno) + pr_errno(errno, "Error casting ROA's IPv6 maxLength: "); + return pr_err("The ROA's IPv6 maxLength isn't a valid long"); + } if (max_length < 0 || 128 < max_length) { return pr_err("maxLength (%ld) is out of bounds (0-128).", @@ -119,18 +129,34 @@ static int __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) { struct ROAIPAddressFamily *block; + unsigned long as_id; + long version; int b; int a; int error; - /* rfc6482#section-3.1 */ - if (roa->version != 0) - return pr_err("ROA's version (%ld) is nonzero.", roa->version); + if (roa->version != NULL) { + error = asn_INTEGER2long(roa->version, &version); + if (error) { + if (errno) + pr_errno(errno, "Error casting ROA's version: "); + return pr_err("The ROA's version isn't a valid long"); + } + /* rfc6482#section-3.1 */ + if (version != 0) + return pr_err("ROA's version (%ld) is nonzero.", version); + } + error = asn_INTEGER2ulong(&roa->asID, &as_id); + if (error) { + if (errno) + pr_errno(errno, "Error casting ROA's AS ID value: "); + return pr_err("ROA's AS ID couldn't be parsed as unsigned long"); + } /* rfc6482#section-3.2 (more or less.) */ - if (!resources_contains_asn(parent, roa->asID)) { + if (!resources_contains_asn(parent, as_id)) { return pr_err("ROA is not allowed to attest for AS %d", - roa->asID); + as_id); } /* rfc6482#section-3.3 */ @@ -154,7 +180,13 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) if (block->addresses.list.array == NULL) return pr_err("ROA's address list array is NULL."); for (a = 0; a < block->addresses.list.count; a++) { - error = print_addr(parent, roa->asID, + error = asn_INTEGER2ulong(&roa->asID, &as_id); + if (error) { + if (errno) + pr_errno(errno, "Error casting AS ID at address list: "); + return error; + } + error = print_addr(parent, as_id, block->addressFamily.buf[1], block->addresses.list.array[a]); if (error) diff --git a/src/resource.c b/src/resource.c index f5573e9f..f761522b 100644 --- a/src/resource.c +++ b/src/resource.c @@ -404,9 +404,22 @@ static int add_asn(struct resources *resources, ASId_t min, ASId_t max, struct resources *parent) { + unsigned long asn_min, asn_max; int error; - if (parent && !rasn_contains(parent->asns, min, max)) + error = asn_INTEGER2ulong(&min, &asn_min); + if (error) { + if (errno) + pr_errno(errno, "Error converting ASN min value: "); + return pr_err("Added ASN min value isn't a valid unsigned long"); + } + error = asn_INTEGER2ulong(&max, &asn_max); + if (error) { + if (errno) + pr_errno(errno, "Error converting ASN max value: "); + return pr_err("Added ASN max value isn't a valid unsigned long"); + } + if (parent && !rasn_contains(parent->asns, asn_min, asn_max)) return pr_err("Parent certificate doesn't own child's ASN resource."); if (resources->asns == NULL) { @@ -422,10 +435,10 @@ add_asn(struct resources *resources, ASId_t min, ASId_t max, return error; } - if (min == max) - pr_debug("ASN: %ld", min); + if (asn_min == asn_max) + pr_debug("ASN: %lu", asn_min); else - pr_debug("ASN: %ld-%ld", min, max); + pr_debug("ASN: %lu-%lu", asn_min, asn_max); return 0; } @@ -493,7 +506,7 @@ resources_empty(struct resources *res) } bool -resources_contains_asn(struct resources *res, ASId_t asn) +resources_contains_asn(struct resources *res, long asn) { return rasn_contains(res->asns, asn, asn); } diff --git a/src/resource.h b/src/resource.h index 25cbc637..daee8d39 100644 --- a/src/resource.h +++ b/src/resource.h @@ -17,7 +17,7 @@ int resources_add_ip(struct resources *, struct IPAddressFamily *); int resources_add_asn(struct resources *, struct ASIdentifiers *); bool resources_empty(struct resources *); -bool resources_contains_asn(struct resources *, ASId_t); +bool resources_contains_asn(struct resources *, long); bool resources_contains_ipv4(struct resources *, struct ipv4_prefix *); bool resources_contains_ipv6(struct resources *, struct ipv6_prefix *); diff --git a/src/resource/asn.c b/src/resource/asn.c index 11581ab9..16734426 100644 --- a/src/resource/asn.c +++ b/src/resource/asn.c @@ -1,19 +1,22 @@ #include "asn.h" +#include + +#include "log.h" #include "sorted_array.h" struct asn_node { - ASId_t min; - ASId_t max; + long min; + long max; }; static enum sarray_comparison asn_cmp(void *arg1, void *arg2) { - ASId_t n1min = ((struct asn_node *) arg1)->min; - ASId_t n2min = ((struct asn_node *) arg2)->min; - ASId_t n1max = ((struct asn_node *) arg1)->max; - ASId_t n2max = ((struct asn_node *) arg2)->max; + long n1min = ((struct asn_node *) arg1)->min; + long n1max = ((struct asn_node *) arg1)->max; + long n2min = ((struct asn_node *) arg2)->min; + long n2max = ((struct asn_node *) arg2)->max; if (n1min == n2min && n1max == n2max) return SACMP_EQUAL; @@ -55,7 +58,23 @@ rasn_put(struct resources_asn *asns) int rasn_add(struct resources_asn *asns, ASId_t min, ASId_t max) { - struct asn_node n = { min, max }; + unsigned long l_min; + unsigned long l_max; + int error; + + error = asn_INTEGER2ulong(&min, &l_min); + if (error) { + if (errno) + pr_errno(errno, "ASN min value: "); + return pr_err("ASN min value isn't a valid unsigned long"); + } + error = asn_INTEGER2ulong(&max, &l_max); + if (error) { + if (errno) + pr_errno(errno, "ASN max value: "); + return pr_err("ASN max value isn't a valid unsigned long"); + } + struct asn_node n = { l_min, l_max }; return sarray_add((struct sorted_array *) asns, &n); } @@ -66,7 +85,7 @@ rasn_empty(struct resources_asn *asns) } bool -rasn_contains(struct resources_asn *asns, ASId_t min, ASId_t max) +rasn_contains(struct resources_asn *asns, long min, long max) { struct asn_node n = { min, max }; return sarray_contains((struct sorted_array *) asns, &n); diff --git a/src/resource/asn.h b/src/resource/asn.h index 855372a3..aaa5cefe 100644 --- a/src/resource/asn.h +++ b/src/resource/asn.h @@ -12,6 +12,6 @@ void rasn_put(struct resources_asn *); int rasn_add(struct resources_asn *, ASId_t, ASId_t); bool rasn_empty(struct resources_asn *); -bool rasn_contains(struct resources_asn *, ASId_t, ASId_t); +bool rasn_contains(struct resources_asn *, long, long); #endif /* SRC_RESOURCE_ASN_H_ */