From: Theo Buehler
Subject: rpki-client: plug a leak in proc_parser_file()
To: tech@openbsd.org
Date: Tue, 30 Dec 2025 18:17:34 +0100

Kind of surprised that all the static analysis tools didn't catch this, but maybe there's just too much spaghetti in this file...

If the file starts with rsync://, load_file() overwrites the buf passed in (that is owned by the entp in the caller) with a freshly allocated buf that is never freed.

Here's one way of fixing it that doesn't conflict with (and fixes a similar problem in) Job's .gz diff.

Index: filemode.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v diff -u -p -r1.73 filemode.c --- filemode.c 5 Dec 2025 08:41:32 -0000 1.73 +++ filemode.c 30 Dec 2025 16:34:11 -0000 @@ -413,8 +413,9 @@ rtype_from_der(const char *fn, const uns * Parse file passed with -f option. */ static void -proc_parser_file(char *file, unsigned char *buf, size_t len) +proc_parser_file(char *file, unsigned char *in_buf, size_t len) { + unsigned char *buf = in_buf; static int num; struct aspa *aspa = NULL; struct cert *cert = NULL; @@ -714,6 +715,8 @@ proc_parser_file(char *file, unsigned ch } out: + if (buf != in_buf) + free(buf); aspa_free(aspa); cert_free(cert); ccr_free(ccr);
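
Review bot: In the hunk at @@ -413,8 +413,9 @@, the comment above proc_parser_file() still reads only "Parse file passed with -f option." and does not state who owns the buffer, which is the invariant this fix depends on. Suggest extending it to say that in_buf stays owned by the caller and is never freed here, while buf may be pointed at a replacement allocation that the function releases itself at out:. With in_buf and buf both live for the whole function, that comment is what tells the next person adding a path that reassigns buf which of the two they may free.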
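
Review bot: In the hunk at @@ -714,6 +715,8 @@, the `if (buf != in_buf)` test at out: uses pointer inequality as the ownership marker, and that only holds while buf is reassigned at most once per call. If a single file can pass through both the rsync:// load_file() path described in the message and the .gz path it refers to, the first replacement has to be freed at the point of the second reassignment, otherwise it leaks again and only the last allocation reaches `free(buf)`. It is also worth checking that no path between the reassignment and out: already frees buf without resetting it, since the new `free(buf)` would then free it a second time.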