This diff changes how the certs and roa track the tal that covers them.
Instead of passing strings around use ids and a simple lookup table
for the description. This will make it possible to add tal ids to more
things.

Usual test run works and the output for openbgpd and json look sane.
-- 
:wq Claudio

Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.45
diff -u -p -r1.45 cert.c
--- cert.c      2 Nov 2021 19:30:30 -0000       1.45
+++ cert.c      3 Nov 2021 17:45:36 -0000
@@ -1220,7 +1220,6 @@ cert_free(struct cert *p)
        free(p->aia);
        free(p->aki);
        free(p->ski);
-       free(p->tal);
        free(p->pubkey);
        X509_free(p->x509);
        free(p);
@@ -1265,6 +1264,7 @@ cert_buffer(struct ibuf *b, const struct
 
        io_simple_buffer(b, &p->expires, sizeof(time_t));
        io_simple_buffer(b, &p->purpose, sizeof(enum cert_purpose));
+       io_simple_buffer(b, &p->talid, sizeof(size_t));
        io_simple_buffer(b, &p->ipsz, sizeof(size_t));
        for (i = 0; i < p->ipsz; i++)
                cert_ip_buffer(b, &p->ips[i]);
@@ -1279,7 +1279,6 @@ cert_buffer(struct ibuf *b, const struct
        io_str_buffer(b, p->aia);
        io_str_buffer(b, p->aki);
        io_str_buffer(b, p->ski);
-       io_str_buffer(b, p->tal);
        io_str_buffer(b, p->pubkey);
 }
 
@@ -1327,6 +1326,7 @@ cert_read(struct ibuf *b)
 
        io_read_buf(b, &p->expires, sizeof(time_t));
        io_read_buf(b, &p->purpose, sizeof(enum cert_purpose));
+       io_read_buf(b, &p->talid, sizeof(size_t));
        io_read_buf(b, &p->ipsz, sizeof(size_t));
 
        p->ips = calloc(p->ipsz, sizeof(struct cert_ip));
@@ -1349,7 +1349,6 @@ cert_read(struct ibuf *b)
        io_read_str(b, &p->aia);
        io_read_str(b, &p->aki);
        io_read_str(b, &p->ski);
-       io_read_str(b, &p->tal);
        io_read_str(b, &p->pubkey);
 
        assert(p->mft != NULL || p->purpose == CERT_PURPOSE_BGPSEC_ROUTER);
@@ -1406,8 +1405,7 @@ insert_brk(struct brk_tree *tree, struct
 
        b->asid = asid;
        b->expires = cert->expires;
-       if ((b->tal = strdup(cert->tal)) == NULL)
-               err(1, NULL);
+       b->talid = cert->talid;
        if ((b->ski = strdup(cert->ski)) == NULL)
                err(1, NULL);
        if ((b->pubkey = strdup(cert->pubkey)) == NULL)
@@ -1420,13 +1418,10 @@ insert_brk(struct brk_tree *tree, struct
        if ((found = RB_INSERT(brk_tree, tree, b)) != NULL) {
                if (found->expires < b->expires) {
                        found->expires = b->expires;
-                       free(found->tal);
-                       found->tal = b->tal;
-                       b->tal = NULL;
+                       found->talid = b->talid;
                }
                free(b->ski);
                free(b->pubkey);
-               free(b->tal);
                free(b);
        }
 }
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.89
diff -u -p -r1.89 extern.h
--- extern.h    3 Nov 2021 10:50:18 -0000       1.89
+++ extern.h    3 Nov 2021 17:58:11 -0000
@@ -118,6 +118,7 @@ struct cert {
        size_t           ipsz; /* length of "ips" */
        struct cert_as  *as; /* list of AS numbers and ranges */
        size_t           asz; /* length of "asz" */
+       size_t           talid; /* cert is covered by which TAL */
        char            *repo; /* CA repository (rsync:// uri) */
        char            *mft; /* manifest (rsync:// uri) */
        char            *notify; /* RRDP notify (https:// uri) */
@@ -125,8 +126,7 @@ struct cert {
        char            *aia; /* AIA (or NULL, for trust anchor) */
        char            *aki; /* AKI (or NULL, for trust anchor) */
        char            *ski; /* SKI */
-       char            *tal; /* basename of TAL for this cert */
-       enum cert_purpose        purpose; /* Certificate Purpose (BGPSec or CA) 
*/
+       enum cert_purpose        purpose; /* BGPSec or CA */
        char            *pubkey; /* Subject Public Key Info */
        X509            *x509; /* the cert */
        time_t           expires; /* do not use after */
@@ -145,6 +145,7 @@ struct tal {
        unsigned char   *pkey; /* DER-encoded public key */
        size_t           pkeysz; /* length of pkey */
        char            *descr; /* basename of tal file */
+       size_t           id;
 };
 
 /*
@@ -192,11 +193,11 @@ struct roa {
        uint32_t         asid; /* asID of ROA (if 0, RFC 6483 sec 4) */
        struct roa_ip   *ips; /* IP prefixes */
        size_t           ipsz; /* number of IP prefixes */
+       size_t          talid; /* ROAs are covered by which TAL */
        int              valid; /* validated resources */
        char            *aia; /* AIA */
        char            *aki; /* AKI */
        char            *ski; /* SKI */
-       char            *tal; /* basename of TAL for this cert */
        time_t           expires; /* do not use after */
 };
 
@@ -216,8 +217,8 @@ struct gbr {
 struct vrp {
        RB_ENTRY(vrp)   entry;
        struct ip_addr  addr;
+       size_t           talid; /* covered by which TAL */
        uint32_t        asid;
-       char            *tal; /* basename of TAL for this cert */
        enum afi        afi;
        unsigned char   maxlength;
        time_t          expires; /* transitive expiry moment */
@@ -234,7 +235,7 @@ RB_PROTOTYPE(vrp_tree, vrp, entry, vrpcm
 struct brk {
        RB_ENTRY(brk)    entry;
        uint32_t         asid;
-       char            *tal; /* basename of TAL for this key */
+       size_t           talid; /* covered by which TAL */
        char            *ski; /* Subject Key Identifier */
        char            *pubkey; /* Subject Public Key Info */
        time_t           expires; /* transitive expiry moment */
@@ -340,7 +341,7 @@ struct entity {
        int              has_data;      /* whether data blob is specified */
        unsigned char   *data;          /* optional data blob */
        size_t           datasz;        /* length of optional data blob */
-       char            *descr;         /* tal description */
+       int              talid;         /* tal identifier */
        TAILQ_ENTRY(entity) entries;
 };
 TAILQ_HEAD(entityq, entity);
@@ -377,7 +378,6 @@ struct stats {
        size_t   del_files; /* number of files removed in cleanup */
        size_t   del_dirs; /* number of directories removed in cleanup */
        size_t   brks; /* number of BGPsec Router Key (BRK) certificates */
-       char    *talnames;
        struct timeval  elapsed_time;
        struct timeval  user_time;
        struct timeval  system_time;
@@ -388,6 +388,9 @@ struct msgbuf;
 
 /* global variables */
 extern int verbose;
+extern const char *tals[];
+extern const char *taldescs[];
+extern size_t talsz;
 
 /* Routines for RPKI entities. */
 
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.160
diff -u -p -r1.160 main.c
--- main.c      1 Nov 2021 17:00:34 -0000       1.160
+++ main.c      3 Nov 2021 17:59:27 -0000
@@ -49,6 +49,10 @@
  */
 #define        TALSZ_MAX       8
 
+const char     *tals[TALSZ_MAX];
+const char     *taldescs[TALSZ_MAX];
+size_t          talsz;
+
 size_t entity_queue;
 int    timeout = 60*60;
 volatile sig_atomic_t killme;
@@ -90,7 +94,6 @@ entity_free(struct entity *ent)
 
        free(ent->data);
        free(ent->file);
-       free(ent->descr);
        free(ent);
 }
 
@@ -103,8 +106,8 @@ void
 entity_read_req(struct ibuf *b, struct entity *ent)
 {
        io_read_buf(b, &ent->type, sizeof(ent->type));
+       io_read_buf(b, &ent->talid, sizeof(ent->talid));
        io_read_str(b, &ent->file);
-       io_read_str(b, &ent->descr);
        io_read_buf(b, &ent->has_data, sizeof(ent->has_data));
        if (ent->has_data)
                io_read_buf_alloc(b, (void **)&ent->data, &ent->datasz);
@@ -127,8 +130,8 @@ entity_write_req(const struct entity *en
 
        b = io_new_buffer();
        io_simple_buffer(b, &ent->type, sizeof(ent->type));
+       io_simple_buffer(b, &ent->talid, sizeof(ent->talid));
        io_str_buffer(b, ent->file);
-       io_str_buffer(b, ent->descr);
        io_simple_buffer(b, &ent->has_data, sizeof(int));
        if (ent->has_data)
                io_buf_buffer(b, ent->data, ent->datasz);
@@ -169,7 +172,7 @@ entityq_flush(struct entityq *q, struct 
  */
 static void
 entityq_add(char *file, enum rtype type, struct repo *rp,
-    unsigned char *data, size_t datasz, char *descr)
+    unsigned char *data, size_t datasz, int talid)
 {
        struct entity   *p;
 
@@ -177,15 +180,13 @@ entityq_add(char *file, enum rtype type,
                err(1, NULL);
 
        p->type = type;
+       p->talid = talid;
        p->file = file;
        p->has_data = data != NULL;
        if (p->has_data) {
                p->data = data;
                p->datasz = datasz;
        }
-       if (descr != NULL)
-               if ((p->descr = strdup(descr)) == NULL)
-                       err(1, NULL);
 
        entity_queue++;
 
@@ -336,7 +337,7 @@ queue_add_from_mft(const char *mft, cons
         * that the repository has already been loaded.
         */
 
-       entityq_add(nfile, type, NULL, NULL, 0, NULL);
+       entityq_add(nfile, type, NULL, NULL, 0, -1);
 }
 
 /*
@@ -384,7 +385,7 @@ queue_add_from_mft_set(const struct mft 
  * Add a local TAL file (RFC 7730) to the queue of files to fetch.
  */
 static void
-queue_add_tal(const char *file)
+queue_add_tal(const char *file, int id)
 {
        unsigned char   *buf;
        char            *nfile;
@@ -398,21 +399,8 @@ queue_add_tal(const char *file)
                return;
        }
 
-       /* Record tal for later reporting */
-       if (stats.talnames == NULL) {
-               if ((stats.talnames = strdup(file)) == NULL)
-                       err(1, NULL);
-       } else {
-               char *tmp;
-
-               if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1)
-                       err(1, NULL);
-               free(stats.talnames);
-               stats.talnames = tmp;
-       }
-
        /* Not in a repository, so directly add to queue. */
-       entityq_add(nfile, RTYPE_TAL, NULL, buf, len, NULL);
+       entityq_add(nfile, RTYPE_TAL, NULL, buf, len, id);
 }
 
 /*
@@ -426,6 +414,9 @@ queue_add_from_tal(struct tal *tal)
 
        assert(tal->urisz);
 
+       if ((taldescs[tal->id] = strdup(tal->descr)) == NULL)
+               err(1, NULL);
+
        /* Look up the repository. */
        repo = ta_lookup(tal);
 
@@ -433,7 +424,7 @@ queue_add_from_tal(struct tal *tal)
        data = tal->pkey;
        tal->pkey = NULL;
        entityq_add(NULL, RTYPE_CER, repo, data,
-           tal->pkeysz, tal->descr);
+           tal->pkeysz, tal->id);
 }
 
 /*
@@ -453,7 +444,7 @@ queue_add_from_cert(const struct cert *c
 
        if ((nfile = strdup(cert->mft)) == NULL)
                err(1, NULL);
-       entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, NULL);
+       entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, -1);
 }
 
 /*
@@ -609,7 +600,7 @@ rrdp_process(struct ibuf *b)
  * Don't exceded "max" filenames.
  */
 static size_t
-tal_load_default(const char *tals[], size_t max)
+tal_load_default(void)
 {
        static const char *confdir = "/etc/rpki";
        size_t s = 0;
@@ -623,7 +614,7 @@ tal_load_default(const char *tals[], siz
        while ((dp = readdir(dirp)) != NULL) {
                if (fnmatch("*.tal", dp->d_name, FNM_PERIOD) == FNM_NOMATCH)
                        continue;
-               if (s >= max)
+               if (s >= TALSZ_MAX)
                        err(1, "too many tal files found in %s",
                            confdir);
                if (asprintf(&path, "%s/%s", confdir, dp->d_name) == -1)
@@ -672,7 +663,7 @@ main(int argc, char *argv[])
 {
        int              rc, c, st, proc, rsync, http, rrdp, ok, hangup = 0;
        int              fl = SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK;
-       size_t           i, id, talsz = 0;
+       size_t           i, id;
        pid_t            pid, procpid, rsyncpid, httppid, rrdppid;
        int              fd[2];
        struct pollfd    pfd[NPFD];
@@ -682,7 +673,7 @@ main(int argc, char *argv[])
        char            *rsync_prog = "openrsync";
        char            *bind_addr = NULL;
        const char      *cachedir = NULL, *outputdir = NULL;
-       const char      *tals[TALSZ_MAX], *errs, *name;
+       const char      *errs, *name;
        const char      *file = NULL;
        struct vrp_tree  vrps = RB_INITIALIZER(&vrps);
        struct brk_tree  brks = RB_INITIALIZER(&brks);
@@ -799,7 +790,7 @@ main(int argc, char *argv[])
                outformats = FORMAT_OPENBGPD;
 
        if (talsz == 0)
-               talsz = tal_load_default(tals, TALSZ_MAX);
+               talsz = tal_load_default();
        if (talsz == 0)
                err(1, "no TAL files found in %s", "/etc/rpki");
 
@@ -999,7 +990,7 @@ main(int argc, char *argv[])
         */
 
        for (i = 0; i < talsz; i++)
-               queue_add_tal(tals[i]);
+               queue_add_tal(tals[i], i);
 
        /* change working directory to the cache directory */
        if (fchdir(cachefd) == -1)
@@ -1170,7 +1161,6 @@ main(int argc, char *argv[])
        if (outputfiles(&vrps, &brks, &stats))
                rc = 1;
 
-
        logx("Processing time %lld seconds "
            "(%lld seconds user, %lld seconds system)",
            (long long)stats.elapsed_time.tv_sec,
@@ -1181,7 +1171,8 @@ main(int argc, char *argv[])
        logx("BGPsec Router Certificates: %zu", stats.brks);
        logx("Certificates: %zu (%zu invalid)",
            stats.certs, stats.certs_fail);
-       logx("Trust Anchor Locators: %zu", stats.tals);
+       logx("Trust Anchor Locators: %zu (%zu invalid)",
+           stats.tals, talsz - stats.tals);
        logx("Manifests: %zu (%zu failed parse, %zu stale)",
            stats.mfts, stats.mfts_fail, stats.mfts_stale);
        logx("Certificate revocation lists: %zu", stats.crls);
Index: output-csv.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-csv.c,v
retrieving revision 1.11
diff -u -p -r1.11 output-csv.c
--- output-csv.c        11 Oct 2021 16:50:03 -0000      1.11
+++ output-csv.c        3 Nov 2021 17:47:36 -0000
@@ -34,7 +34,8 @@ output_csv(FILE *out, struct vrp_tree *v
                ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
 
                if (fprintf(out, "AS%u,%s,%u,%s,%lld\n", v->asid, buf,
-                   v->maxlength, v->tal, (long long)v->expires) < 0)
+                   v->maxlength, taldescs[v->talid],
+                   (long long)v->expires) < 0)
                        return -1;
        }
        return 0;
Index: output-json.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-json.c,v
retrieving revision 1.21
diff -u -p -r1.21 output-json.c
--- output-json.c       1 Nov 2021 17:00:34 -0000       1.21
+++ output-json.c       3 Nov 2021 17:48:29 -0000
@@ -28,6 +28,7 @@ outputheader_json(FILE *out, struct stat
        char            hn[NI_MAXHOST], tbuf[26];
        struct tm       *tp;
        time_t          t;
+       size_t          i;
 
        time(&t);
        setenv("TZ", "UTC", 1);
@@ -50,7 +51,24 @@ outputheader_json(FILE *out, struct stat
            "\t\t\"certificates\": %zu,\n"
            "\t\t\"invalidcertificates\": %zu,\n"
            "\t\t\"tals\": %zu,\n"
-           "\t\t\"talfiles\": \"%s\",\n"
+           "\t\t\"invalidtals\": %zu,\n"
+           "\t\t\"talfiles\": [\n",
+           hn, tbuf, (long long)st->elapsed_time.tv_sec,
+           (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+           st->roas, st->roas_fail, st->roas_invalid,
+           st->brks, st->certs, st->certs_fail,
+           st->tals, talsz - st->tals) < 0)
+               return -1;
+
+       for (i = 0; i < talsz; i++) {
+               if (fprintf(out,
+                   "\t\t\t\"%s\"%s\n",
+                   tals[i], i == talsz - 1 ? "" : ",") < 0)
+                       return -1;
+       }
+
+       if (fprintf(out,
+           "\t\t],\n"
            "\t\t\"manifests\": %zu,\n"
            "\t\t\"failedmanifests\": %zu,\n"
            "\t\t\"stalemanifests\": %zu,\n"
@@ -62,11 +80,6 @@ outputheader_json(FILE *out, struct stat
            "\t\t\"cachedir_del_files\": %zu,\n"
            "\t\t\"cachedir_del_dirs\": %zu\n"
            "\t},\n\n",
-           hn, tbuf, (long long)st->elapsed_time.tv_sec,
-           (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
-           st->roas, st->roas_fail, st->roas_invalid,
-           st->brks, st->certs, st->certs_fail,
-           st->tals, st->talnames,
            st->mfts, st->mfts_fail, st->mfts_stale,
            st->crls,
            st->gbrs,
@@ -103,7 +116,8 @@ output_json(FILE *out, struct vrp_tree *
 
                if (fprintf(out, "\t\t{ \"asn\": %u, \"prefix\": \"%s\", "
                    "\"maxLength\": %u, \"ta\": \"%s\", \"expires\": %lld }",
-                   v->asid, buf, v->maxlength, v->tal, (long long)v->expires)
+                   v->asid, buf, v->maxlength, taldescs[v->talid],
+                   (long long)v->expires)
                    < 0)
                        return -1;
        }
@@ -121,7 +135,7 @@ output_json(FILE *out, struct vrp_tree *
 
                if (fprintf(out, "\t\t{ \"asn\": %u, \"ski\": \"%s\", "
                    "\"pubkey\": \"%s\", \"ta\": \"%s\", \"expires\": %lld }",
-                   b->asid, b->ski, b->pubkey, b->tal,
+                   b->asid, b->ski, b->pubkey, taldescs[b->talid],
                    (long long)b->expires) < 0)
                        return -1;
        }
Index: output.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v
retrieving revision 1.23
diff -u -p -r1.23 output.c
--- output.c    1 Nov 2021 17:00:34 -0000       1.23
+++ output.c    3 Nov 2021 18:19:15 -0000
@@ -201,6 +201,7 @@ outputheader(FILE *out, struct stats *st
        char            hn[NI_MAXHOST], tbuf[80];
        struct tm       *tp;
        time_t          t;
+       size_t          i;
 
        time(&t);
        setenv("TZ", "UTC", 1);
@@ -211,21 +212,31 @@ outputheader(FILE *out, struct stats *st
 
        if (fprintf(out,
            "# Generated on host %s at %s\n"
-           "# Processing time %lld seconds (%lld seconds user, %lld seconds 
system)\n"
+           "# Processing time %lld seconds (%llds user, %llds system)\n"
            "# Route Origin Authorizations: %zu (%zu failed parse, %zu 
invalid)\n"
            "# BGPsec Router Certificates: %zu\n"
-           "# Certificates: %zu (%zu invalid)\n"
-           "# Trust Anchor Locators: %zu (%s)\n"
+           "# Certificates: %zu (%zu invalid)\n",
+           hn, tbuf, (long long)st->elapsed_time.tv_sec,
+           (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+           st->roas, st->roas_fail, st->roas_invalid,
+           st->brks, st->certs, st->certs_fail) < 0)
+               return -1;
+
+       if (fprintf(out,
+           "# Trust Anchor Locators: %zu (%zu invalid) [", st->tals,
+           talsz - st->tals) < 0)
+               return -1;
+       for (i = 0; i < talsz; i++)
+               if (fprintf(out, " %s", tals[i]) < 0)
+                       return -1;
+
+       if (fprintf(out,
+           " ]\n"
            "# Manifests: %zu (%zu failed parse, %zu stale)\n"
            "# Certificate revocation lists: %zu\n"
            "# Ghostbuster records: %zu\n"
            "# Repositories: %zu\n"
            "# VRP Entries: %zu (%zu unique)\n",
-           hn, tbuf, (long long)st->elapsed_time.tv_sec,
-           (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
-           st->roas, st->roas_fail, st->roas_invalid,
-           st->brks, st->certs, st->certs_fail,
-           st->tals, st->talnames,
            st->mfts, st->mfts_fail, st->mfts_stale,
            st->crls,
            st->gbrs,
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.26
diff -u -p -r1.26 parser.c
--- parser.c    3 Nov 2021 10:50:18 -0000       1.26
+++ parser.c    3 Nov 2021 18:01:58 -0000
@@ -233,8 +233,7 @@ proc_parser_cert(const struct entity *en
        sk_X509_free(chain);
        sk_X509_CRL_free(crls);
 
-       if ((cert->tal = strdup(a->cert->tal)) == NULL)
-               err(1, NULL);
+       cert->talid = a->cert->talid;
 
        /* Validate the cert to get the parent */
        if (!valid_cert(entp->file, &auths, cert)) {
@@ -319,8 +318,7 @@ proc_parser_root_cert(const struct entit
                goto badcert;
        }
 
-       if ((cert->tal = strdup(entp->descr)) == NULL)
-               err(1, NULL);
+       cert->talid = entp->talid;
 
        /*
         * Add valid roots to the RPKI auth tree.
@@ -521,6 +519,7 @@ parse_entity(struct entityq *q, struct m
                            entp->datasz)) == NULL)
                                errx(1, "%s: could not parse tal file",
                                    entp->file);
+                       tal->id = entp->talid;
                        tal_buffer(b, tal);
                        tal_free(tal);
                        break;
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.30
diff -u -p -r1.30 roa.c
--- roa.c       28 Oct 2021 09:02:19 -0000      1.30
+++ roa.c       3 Nov 2021 17:51:25 -0000
@@ -409,7 +409,6 @@ roa_free(struct roa *p)
        free(p->aki);
        free(p->ski);
        free(p->ips);
-       free(p->tal);
        free(p);
 }
 
@@ -424,6 +423,7 @@ roa_buffer(struct ibuf *b, const struct 
 
        io_simple_buffer(b, &p->valid, sizeof(int));
        io_simple_buffer(b, &p->asid, sizeof(uint32_t));
+       io_simple_buffer(b, &p->talid, sizeof(size_t));
        io_simple_buffer(b, &p->ipsz, sizeof(size_t));
        io_simple_buffer(b, &p->expires, sizeof(time_t));
 
@@ -438,7 +438,6 @@ roa_buffer(struct ibuf *b, const struct 
        io_str_buffer(b, p->aia);
        io_str_buffer(b, p->aki);
        io_str_buffer(b, p->ski);
-       io_str_buffer(b, p->tal);
 }
 
 /*
@@ -457,6 +456,7 @@ roa_read(struct ibuf *b)
 
        io_read_buf(b, &p->valid, sizeof(int));
        io_read_buf(b, &p->asid, sizeof(uint32_t));
+       io_read_buf(b, &p->talid, sizeof(size_t));
        io_read_buf(b, &p->ipsz, sizeof(size_t));
        io_read_buf(b, &p->expires, sizeof(time_t));
 
@@ -474,8 +474,7 @@ roa_read(struct ibuf *b)
        io_read_str(b, &p->aia);
        io_read_str(b, &p->aki);
        io_read_str(b, &p->ski);
-       io_read_str(b, &p->tal);
-       assert(p->aia && p->aki && p->ski && p->tal);
+       assert(p->aia && p->aki && p->ski);
 
        return p;
 }
@@ -499,8 +498,7 @@ roa_insert_vrps(struct vrp_tree *tree, s
                v->addr = roa->ips[i].addr;
                v->maxlength = roa->ips[i].maxlength;
                v->asid = roa->asid;
-               if ((v->tal = strdup(roa->tal)) == NULL)
-                       err(1, NULL);
+               v->talid = roa->talid;
                v->expires = roa->expires;
 
                /*
@@ -512,12 +510,9 @@ roa_insert_vrps(struct vrp_tree *tree, s
                        /* already exists */
                        if (found->expires < v->expires) {
                                /* update found with preferred data */
-                               found->expires = roa->expires;
-                               free(found->tal);
-                               found->tal = v->tal;
-                               v->tal = NULL;
+                               found->talid = v->talid;
+                               found->expires = v->expires;
                        }
-                       free(v->tal);
                        free(v);
                } else
                        (*uniqs)++;
Index: tal.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
retrieving revision 1.32
diff -u -p -r1.32 tal.c
--- tal.c       26 Oct 2021 16:12:54 -0000      1.32
+++ tal.c       3 Nov 2021 18:03:46 -0000
@@ -213,6 +213,7 @@ tal_buffer(struct ibuf *b, const struct 
 {
        size_t   i;
 
+       io_simple_buffer(b, &p->id, sizeof(size_t));
        io_buf_buffer(b, p->pkey, p->pkeysz);
        io_str_buffer(b, p->descr);
        io_simple_buffer(b, &p->urisz, sizeof(size_t));
@@ -235,6 +236,7 @@ tal_read(struct ibuf *b)
        if ((p = calloc(1, sizeof(struct tal))) == NULL)
                err(1, NULL);
 
+       io_read_buf(b, &p->id, sizeof(size_t));
        io_read_buf_alloc(b, (void **)&p->pkey, &p->pkeysz);
        io_read_str(b, &p->descr);
        io_read_buf(b, &p->urisz, sizeof(size_t));
Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
retrieving revision 1.21
diff -u -p -r1.21 validate.c
--- validate.c  1 Nov 2021 09:12:18 -0000       1.21
+++ validate.c  3 Nov 2021 17:52:05 -0000
@@ -217,8 +217,7 @@ valid_roa(const char *fn, struct auth_tr
        if (a == NULL)
                return 0;
 
-       if ((roa->tal = strdup(a->cert->tal)) == NULL)
-               err(1, NULL);
+       roa->talid = a->cert->talid;
 
        for (i = 0; i < roa->ipsz; i++) {
                if (valid_ip(a, roa->ips[i].afi, roa->ips[i].min,

Reply via email to