- Fix unbound-anchor certificate file read for line ends and end of
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Thu, 5 Jun 2025 09:09:53 +0000 (11:09 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Thu, 5 Jun 2025 09:09:53 +0000 (11:09 +0200)
  file.

doc/Changelog
smallapp/unbound-anchor.c

index 2209c5e29b13ec922504cd688ef3b9732fb004a2..22ff13ef3dde792c352a7d6ec49bc2bba75b4280 100644 (file)
@@ -1,3 +1,7 @@
+5 June 2025: Wouter
+       - Fix unbound-anchor certificate file read for line ends and end of
+         file.
+
 3 June 2025: Yorgos
        - Small manpage corrections for the 'disable-dnssec-lame-check' option.
 
index bd4a121f732c5623ac9168d74a1744e37a5da48d..16f26206719a08fac80c6706c8efe3d25646108b 100644 (file)
@@ -382,7 +382,7 @@ read_cert_file(const char* file)
        STACK_OF(X509)* sk;
        FILE* in;
        int content = 0;
-       char buf[128];
+       long flen;
        if(file == NULL || strcmp(file, "") == 0) {
                return NULL;
        }
@@ -399,6 +399,11 @@ read_cert_file(const char* file)
 #endif
                return NULL;
        }
+       if(fseek(in, 0, SEEK_END) < 0)
+               printf("%s fseek: %s\n", file, strerror(errno));
+       flen = ftell(in);
+       if(fseek(in, 0, SEEK_SET) < 0)
+               printf("%s fseek: %s\n", file, strerror(errno));
        while(!feof(in)) {
                X509* x = PEM_read_X509(in, NULL, NULL, NULL);
                if(x == NULL) {
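Review bot: The return value of `ftell(in)` is stored in `flen` without a check, and both `fseek` failures are only printed before reading continues. If the stream is not seekable or `ftell` fails for another reason, `flen` is -1, and the `if(ftell(in) == flen)` added in the last hunk would then compare -1 with -1 and break after the first certificate, so any further certificates in the file are silently not read. I would report the failure with `if(flen < 0) printf("%s ftell: %s\n", file, strerror(errno));` and guard the comparison as `if(flen >= 0 && ftell(in) == flen)`, so that an unknown length falls back to the loop's existing end-of-input handling. read_cert_file starts and ends outside this hunk, so how the `x == NULL` branch treats a failed rewind cannot be seen here.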
@@ -414,8 +419,9 @@ read_cert_file(const char* file)
                        exit(0);
                }
                content = 1;
-               /* read away newline after --END CERT-- */
-               if(!fgets(buf, (int)sizeof(buf), in))
+               /* feof may not be true yet, but if the position is
+                * at end of file, stop reading more certificates. */
+               if(ftell(in) == flen)
                        break;
        }
        fclose(in);