From: Theo Buehler <tb@theobuehler.org>
Subject: rpki-client: avoid crash in file mode
To: tech@openbsd.org
Date: Thu, 6 Jun 2024 07:44:59 +0200

Looking at an expired TA cert crashes because ta_parse() frees cert
while expires and notafter still point at members of that struct.
Since expires != NULL, we'll try to cert_print(NULL) and boom.

Index: filemode.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
diff -u -p -r1.42 filemode.c
--- filemode.c	20 May 2024 15:51:43 -0000	1.42
+++ filemode.c	6 Jun 2024 05:38:10 -0000
@@ -529,6 +529,11 @@ proc_parser_file(char *file, unsigned ch
 		if ((tal = find_tal(cert)) != NULL) {
 			cert = ta_parse(file, cert, tal->pkey, tal->pkeysz);
 			status = (cert != NULL);
+			if (cert == NULL) {
+				/* avoid dangling pointers */
+				expires = NULL;
+				notafter = NULL;
+			}
 			if (outformats & FORMAT_JSON)
 				json_do_string("tal", tal->descr);
 			else