From: pcarana
Date: Mon, 11 Nov 2019 21:09:58 +0000 (-0600)
Subject: Validate DER encoding only if incidence isn't ignored, update gitignore
X-Git-Tag: v1.2.0~55
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=ecb37ed0411be1d7f7002518fae68229c89e2806;p=thirdparty%2FFORT-validator.git
Validate DER encoding only if incidence isn't ignored, update gitignore
---
diff --git a/.gitignore b/.gitignore
index 4da1a7cf..dd5dd6a7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -101,7 +101,8 @@ docs/_site
 # Files we're sorta contractually obligated to exclude.
 # Can't include ARIN's TAL because of their Relying Party Agreement
 # (https://www.arin.net/resources/manage/rpki/tal/)
-tal/arin.tal
+examples/tal/arin.tal
+examples/tal/arin-rfc7730.tal
 # Unwanted manure shat by imbecile OSs
 .DS_Store*
diff --git a/src/asn1/decode.c b/src/asn1/decode.c
index 6acf4e17..170a1fe1 100644
--- a/src/asn1/decode.c
+++ b/src/asn1/decode.c
@@ -4,6 +4,7 @@
 #include "common.h"
 #include "config.h"
 #include "log.h"
+#include "incidence/incidence.h"
 #define COND_LOG(log, pr) (log ? pr : -EINVAL)
@@ -50,6 +51,10 @@ der_coder(const void *buf, size_t size, void *app_key)
 return 0;
 }
+/*
+ * FIXME (next iteration) This isn't efficient, consider implement DER decoding
+ * or something better.
+ */
 static int
 validate_der(size_t ber_consumed, asn_TYPE_descriptor_t const *descriptor,
 const void *original, void *result)
@@ -99,8 +104,9 @@ asn1_decode(const void *buffer, size_t buffer_size,
 rval.code, rval.consumed));
 }
- /* Validate DER encoding */
- if (dec_as_der) {
+ /* Validate DER encoding, only if wanted and incidence isn't ignored */
+ if (dec_as_der &&
+ incidence_get_action(INID_OBJ_NOT_DER) != INAC_IGNORE) {
 error = validate_der(rval.consumed, descriptor, buffer,
 *result);
 if (error) {
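Review bot: When the `INID_OBJ_NOT_DER` action is `INAC_IGNORE`, the new condition in `asn1_decode` skips `validate_der` altogether, so an object that decodes as BER but is not canonical DER is accepted with nothing recorded, and the added comment does not say so. RPKI signed objects are required to be DER, and accepting alternative encodings of the same content is a common source of disagreement between validators, so the relaxed path should be explicit. I would expand the comment to `/* INAC_IGNORE skips the DER check entirely: BER-only objects are then accepted unverified and unlogged. */`. It is also worth confirming that ignore is a deliberate operator choice rather than the default action, since the default is not visible here. The `if (error)` body and the rest of `asn1_decode` lie outside the hunk.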