From: Claudio Jeker Subject: Re: rpki-client: avoid crash in file mode To: Theo Buehler Cc: tech@openbsd.org Date: Thu, 6 Jun 2024 07:57:53 +0200 On Thu, Jun 06, 2024 at 07:44:59AM +0200, Theo Buehler wrote: > Looking at an expired TA cert crashes because ta_parse() frees cert > while expires and notafter still point at members of that struct. > Since expires != NULL, we'll try to cert_print(NULL) and boom. > > Index: filemode.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v > diff -u -p -r1.42 filemode.c > --- filemode.c 20 May 2024 15:51:43 -0000 1.42 > +++ filemode.c 6 Jun 2024 05:38:10 -0000 > @@ -529,6 +529,11 @@ proc_parser_file(char *file, unsigned ch > if ((tal = find_tal(cert)) != NULL) { > cert = ta_parse(file, cert, tal->pkey, tal->pkeysz); > status = (cert != NULL); > + if (cert == NULL) { > + /* avoid dangling pointers */ > + expires = NULL; > + notafter = NULL; > + } > if (outformats & FORMAT_JSON) > json_do_string("tal", tal->descr); > else > It seems other code only clears expires but not notafter. Should those bits also be adjusted and clear notafter as well? -- :wq Claudio
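Review bot: The reset in the new `if (cert == NULL)` block right after the ta_parse() call covers only this one failure path. Per the description, expires and notafter point at members of cert, so every other place in proc_parser_file() where cert is freed or replaced needs the same treatment for both pointers, not just expires. Consider either assigning expires and notafter only once `status` is known to be good, or clearing both in one common place next to where cert goes away, so a future failure path cannot reintroduce the dangling pointers. The comment `/* avoid dangling pointers */` would also be more useful if it said that ta_parse() frees cert on failure, since that is not obvious from the call site.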