From: Alberto Leiva Popper Date: Tue, 29 Jan 2019 22:16:28 +0000 (-0600) Subject: Strengthen the TAL parser X-Git-Tag: v0.0.2~105^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8213760860ce468bf59f03e7562b148a49da904;p=thirdparty%2FFORT-validator.git Strengthen the TAL parser Prevents segfaults when there's no blank line between the URI section and the public key, as well as when the file is empty. Fixes #1. --- diff --git a/src/object/certificate.c b/src/object/certificate.c index b1d64c35..dc553471 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -202,6 +202,10 @@ validate_spki(const unsigned char *cert_spk, int cert_spk_len) * trouble. We'll have to decode the TAL's SPKI though. */ + /* + * TODO we're decoding the TAL's public key, but the stacked file name + * is the certificate's. It looks weird when it errors. + */ tal_get_spki(tal, &_tal_spki, &_tal_spki_len); error = asn1_decode(_tal_spki, _tal_spki_len, &asn_DEF_SubjectPublicKeyInfo, (void **) &tal_spki); diff --git a/src/object/tal.c b/src/object/tal.c index 4022b6cc..14b97193 100644 --- a/src/object/tal.c +++ b/src/object/tal.c @@ -71,9 +71,11 @@ read_uris(struct line_file *lfile, struct uris *uris) if (error) return error; + if (uri == NULL) + return pr_err("TAL file is empty."); if (strcmp(uri, "") == 0) { free(uri); - return pr_err("TAL file contains no URIs"); + return pr_err("There's no URI in the first line of the TAL."); } error = uris_add(uris, uri); @@ -85,6 +87,8 @@ read_uris(struct line_file *lfile, struct uris *uris) if (error) return error; + if (uri == NULL) + return pr_err("TAL file ended prematurely. (Expected URI list, blank line and public key.)"); if (strcmp(uri, "") == 0) { free(uri); return 0; /* Happy path */
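Review bot: The new `uri == NULL` check in the first tal.c hunk relies on the line reader reporting end-of-file as a zero return with a NULL line, and nothing in the hunk states that contract. The second tal.c hunk repeats the same assumption. A short comment above the first check would keep a later cleanup from dropping it, for example `/* EOF is reported as success with uri == NULL; strcmp() below must never see it. */`. The read call and the rest of read_uris lie outside the hunk, so confirm the contract against the reader's definition.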
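Review bot: In the second tal.c hunk, a TAL with no blank separator appears to reach the new `uri == NULL` return only after each public-key line has gone through the same path as a URI. That makes "ended prematurely" the only diagnostic for a malformed trust anchor file. Whether `uris_add` rejects text that is not a URI is not visible here. If it does not, consider checking each non-empty line for a URI scheme before adding it, so parsing fails at the offending line instead of at end-of-file. The loop that encloses this check starts outside the hunk.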