Index | Thread | Search

From:
Theo Buehler <tb@theobuehler.org>
Subject:
Re: rpki-client: disallow superfluous encoding of AS0 in providers
To:
Job Snijders <job@bsd.nl>
Cc:
tech@openbsd.org
Date:
Sat, 7 Feb 2026 20:34:59 +0100

Download raw body.

Thread 
On Sat, Feb 07, 2026 at 07:12:47PM +0000, Job Snijders wrote:
> On Sat, Feb 07, 2026 at 01:49:10PM +0100, Theo Buehler wrote:
> > On Sat, Feb 07, 2026 at 12:12:53PM +0000, Job Snijders wrote:
> > > Implement this check:
> > > 
> > > https://author-tools.ietf.org/iddiff?url1=draft-ietf-sidrops-aspa-profile-21&url2=draft-ietf-sidrops-aspa-profile-22&difftype=--html
> > 
> > I think making me watch a video where you type out the three lines of
> > interest would be even more convenient :)
> 
> Maybe next time! :)
> 
> > Your check doesn't implement "this check".
> 
> whelp! Thanks!
> 
> > Or, probably better, after the for loop:
> > 
> > 	if (aspa->num_providers > 1 && aspa->providers[0] == 0) {
> > 		warnx(...);
> > 		return 0;
> > 	}
> > 
> > > +				warnx("%s: ASPA: invalid mixed AS 0 Provider",
> > 
> > I would have no clue what this warning is trying to tell me if I didn't
> > already know.
> 
> alright, take #2

ok tb

> 
> Index: aspa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
> diff -u -p -r1.41 aspa.c
> --- aspa.c	14 Nov 2025 08:30:22 -0000	1.41
> +++ aspa.c	7 Feb 2026 19:10:06 -0000
> @@ -104,6 +104,11 @@ aspa_parse_providers(const char *fn, str
>  		aspa->providers[aspa->num_providers++] = provider;
>  	}
>  
> +	if (aspa->num_providers > 1 && aspa->providers[0] == 0) {
> +		warnx("%s: ASPA: invalid ProviderASSet", fn);
> +		return 0;
> +	}
> +
>  	return 1;
>  }
>