This diff changes how the certs and roa track the tal that covers them.
Instead of passing strings around use ids and a simple lookup table
for the description. This will make it possible to add tal ids to more
things.
Usual test run works and the output for openbgpd and json look sane.
--
:wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.45
diff -u -p -r1.45 cert.c
--- cert.c 2 Nov 2021 19:30:30 -0000 1.45
+++ cert.c 3 Nov 2021 17:45:36 -0000
@@ -1220,7 +1220,6 @@ cert_free(struct cert *p)
free(p->aia);
free(p->aki);
free(p->ski);
- free(p->tal);
free(p->pubkey);
X509_free(p->x509);
free(p);
@@ -1265,6 +1264,7 @@ cert_buffer(struct ibuf *b, const struct
io_simple_buffer(b, &p->expires, sizeof(time_t));
io_simple_buffer(b, &p->purpose, sizeof(enum cert_purpose));
+ io_simple_buffer(b, &p->talid, sizeof(size_t));
io_simple_buffer(b, &p->ipsz, sizeof(size_t));
for (i = 0; i < p->ipsz; i++)
cert_ip_buffer(b, &p->ips[i]);
@@ -1279,7 +1279,6 @@ cert_buffer(struct ibuf *b, const struct
io_str_buffer(b, p->aia);
io_str_buffer(b, p->aki);
io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
io_str_buffer(b, p->pubkey);
}
@@ -1327,6 +1326,7 @@ cert_read(struct ibuf *b)
io_read_buf(b, &p->expires, sizeof(time_t));
io_read_buf(b, &p->purpose, sizeof(enum cert_purpose));
+ io_read_buf(b, &p->talid, sizeof(size_t));
io_read_buf(b, &p->ipsz, sizeof(size_t));
p->ips = calloc(p->ipsz, sizeof(struct cert_ip));
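Review bot: `p->talid` is read from the ibuf here and never compared with `talsz`, yet later in this diff it is used as an array index: insert_brk() copies it into `b->talid` and output_json() prints `taldescs[b->talid]`. The same applies to roa_read() in roa.c, whose value reaches `taldescs[v->talid]` in output_csv() and output_json() via roa_insert_vrps(). The old string field could not index out of bounds, so a range check right after the read would keep that property, for example `if (p->talid >= talsz) errx(1, "talid out of range");`, assuming `talsz` is populated in the process that calls cert_read(). cert_read() starts and ends outside this hunk.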
@@ -1349,7 +1349,6 @@ cert_read(struct ibuf *b)
io_read_str(b, &p->aia);
io_read_str(b, &p->aki);
io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
io_read_str(b, &p->pubkey);
assert(p->mft != NULL || p->purpose == CERT_PURPOSE_BGPSEC_ROUTER);
@@ -1406,8 +1405,7 @@ insert_brk(struct brk_tree *tree, struct
b->asid = asid;
b->expires = cert->expires;
- if ((b->tal = strdup(cert->tal)) == NULL)
- err(1, NULL);
+ b->talid = cert->talid;
if ((b->ski = strdup(cert->ski)) == NULL)
err(1, NULL);
if ((b->pubkey = strdup(cert->pubkey)) == NULL)
@@ -1420,13 +1418,10 @@ insert_brk(struct brk_tree *tree, struct
if ((found = RB_INSERT(brk_tree, tree, b)) != NULL) {
if (found->expires < b->expires) {
found->expires = b->expires;
- free(found->tal);
- found->tal = b->tal;
- b->tal = NULL;
+ found->talid = b->talid;
}
free(b->ski);
free(b->pubkey);
- free(b->tal);
free(b);
}
}
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.89
diff -u -p -r1.89 extern.h
--- extern.h 3 Nov 2021 10:50:18 -0000 1.89
+++ extern.h 3 Nov 2021 17:58:11 -0000
@@ -118,6 +118,7 @@ struct cert {
size_t ipsz; /* length of "ips" */
struct cert_as *as; /* list of AS numbers and ranges */
size_t asz; /* length of "asz" */
+ size_t talid; /* cert is covered by which TAL */
char *repo; /* CA repository (rsync:// uri) */
char *mft; /* manifest (rsync:// uri) */
char *notify; /* RRDP notify (https:// uri) */
@@ -125,8 +126,7 @@ struct cert {
char *aia; /* AIA (or NULL, for trust anchor) */
char *aki; /* AKI (or NULL, for trust anchor) */
char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
- enum cert_purpose purpose; /* Certificate Purpose (BGPSec or CA)
*/
+ enum cert_purpose purpose; /* BGPSec or CA */
char *pubkey; /* Subject Public Key Info */
X509 *x509; /* the cert */
time_t expires; /* do not use after */
@@ -145,6 +145,7 @@ struct tal {
unsigned char *pkey; /* DER-encoded public key */
size_t pkeysz; /* length of pkey */
char *descr; /* basename of tal file */
+ size_t id;
};
/*
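Review bot: The new `size_t id;` is the only member of `struct tal` in this hunk without a trailing comment. Going by queue_add_tal(tals[i], i) and the `taldescs[tal->id]` store in main.c, it is the slot of this TAL in the global tables, so something like `size_t id; /* index into tals[] / taldescs[] */` would say so at the declaration.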
@@ -192,11 +193,11 @@ struct roa {
uint32_t asid; /* asID of ROA (if 0, RFC 6483 sec 4) */
struct roa_ip *ips; /* IP prefixes */
size_t ipsz; /* number of IP prefixes */
+ size_t talid; /* ROAs are covered by which TAL */
int valid; /* validated resources */
char *aia; /* AIA */
char *aki; /* AKI */
char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
time_t expires; /* do not use after */
};
@@ -216,8 +217,8 @@ struct gbr {
struct vrp {
RB_ENTRY(vrp) entry;
struct ip_addr addr;
+ size_t talid; /* covered by which TAL */
uint32_t asid;
- char *tal; /* basename of TAL for this cert */
enum afi afi;
unsigned char maxlength;
time_t expires; /* transitive expiry moment */
@@ -234,7 +235,7 @@ RB_PROTOTYPE(vrp_tree, vrp, entry, vrpcm
struct brk {
RB_ENTRY(brk) entry;
uint32_t asid;
- char *tal; /* basename of TAL for this key */
+ size_t talid; /* covered by which TAL */
char *ski; /* Subject Key Identifier */
char *pubkey; /* Subject Public Key Info */
time_t expires; /* transitive expiry moment */
@@ -340,7 +341,7 @@ struct entity {
int has_data; /* whether data blob is specified */
unsigned char *data; /* optional data blob */
size_t datasz; /* length of optional data blob */
- char *descr; /* tal description */
+ int talid; /* tal identifier */
TAILQ_ENTRY(entity) entries;
};
TAILQ_HEAD(entityq, entity);
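Review bot: `struct entity` gets `int talid` while `struct cert`, `struct roa`, `struct vrp`, `struct brk` and `struct tal` all use `size_t`, so the id changes type as it moves between them. The callers in main.c pass `-1` for entities that carry no TAL, and `cert->talid = entp->talid` in proc_parser_root_cert() and `tal->id = entp->talid` in parse_entity() would turn that sentinel into SIZE_MAX if it ever reached them. Using one type throughout would remove the conversions. Whichever type is kept, the comment should document the sentinel, e.g. `int talid; /* tal identifier, -1 if none */`.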
@@ -377,7 +378,6 @@ struct stats {
size_t del_files; /* number of files removed in cleanup */
size_t del_dirs; /* number of directories removed in cleanup */
size_t brks; /* number of BGPsec Router Key (BRK) certificates */
- char *talnames;
struct timeval elapsed_time;
struct timeval user_time;
struct timeval system_time;
@@ -388,6 +388,9 @@ struct msgbuf;
/* global variables */
extern int verbose;
+extern const char *tals[];
+extern const char *taldescs[];
+extern size_t talsz;
/* Routines for RPKI entities. */
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.160
diff -u -p -r1.160 main.c
--- main.c 1 Nov 2021 17:00:34 -0000 1.160
+++ main.c 3 Nov 2021 17:59:27 -0000
@@ -49,6 +49,10 @@
*/
#define TALSZ_MAX 8
+const char *tals[TALSZ_MAX];
+const char *taldescs[TALSZ_MAX];
+size_t talsz;
+
size_t entity_queue;
int timeout = 60*60;
volatile sig_atomic_t killme;
@@ -90,7 +94,6 @@ entity_free(struct entity *ent)
free(ent->data);
free(ent->file);
- free(ent->descr);
free(ent);
}
@@ -103,8 +106,8 @@ void
entity_read_req(struct ibuf *b, struct entity *ent)
{
io_read_buf(b, &ent->type, sizeof(ent->type));
+ io_read_buf(b, &ent->talid, sizeof(ent->talid));
io_read_str(b, &ent->file);
- io_read_str(b, &ent->descr);
io_read_buf(b, &ent->has_data, sizeof(ent->has_data));
if (ent->has_data)
io_read_buf_alloc(b, (void **)&ent->data, &ent->datasz);
@@ -127,8 +130,8 @@ entity_write_req(const struct entity *en
b = io_new_buffer();
io_simple_buffer(b, &ent->type, sizeof(ent->type));
+ io_simple_buffer(b, &ent->talid, sizeof(ent->talid));
io_str_buffer(b, ent->file);
- io_str_buffer(b, ent->descr);
io_simple_buffer(b, &ent->has_data, sizeof(int));
if (ent->has_data)
io_buf_buffer(b, ent->data, ent->datasz);
@@ -169,7 +172,7 @@ entityq_flush(struct entityq *q, struct
*/
static void
entityq_add(char *file, enum rtype type, struct repo *rp,
- unsigned char *data, size_t datasz, char *descr)
+ unsigned char *data, size_t datasz, int talid)
{
struct entity *p;
@@ -177,15 +180,13 @@ entityq_add(char *file, enum rtype type,
err(1, NULL);
p->type = type;
+ p->talid = talid;
p->file = file;
p->has_data = data != NULL;
if (p->has_data) {
p->data = data;
p->datasz = datasz;
}
- if (descr != NULL)
- if ((p->descr = strdup(descr)) == NULL)
- err(1, NULL);
entity_queue++;
@@ -336,7 +337,7 @@ queue_add_from_mft(const char *mft, cons
* that the repository has already been loaded.
*/
- entityq_add(nfile, type, NULL, NULL, 0, NULL);
+ entityq_add(nfile, type, NULL, NULL, 0, -1);
}
/*
@@ -384,7 +385,7 @@ queue_add_from_mft_set(const struct mft
* Add a local TAL file (RFC 7730) to the queue of files to fetch.
*/
static void
-queue_add_tal(const char *file)
+queue_add_tal(const char *file, int id)
{
unsigned char *buf;
char *nfile;
@@ -398,21 +399,8 @@ queue_add_tal(const char *file)
return;
}
- /* Record tal for later reporting */
- if (stats.talnames == NULL) {
- if ((stats.talnames = strdup(file)) == NULL)
- err(1, NULL);
- } else {
- char *tmp;
-
- if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1)
- err(1, NULL);
- free(stats.talnames);
- stats.talnames = tmp;
- }
-
/* Not in a repository, so directly add to queue. */
- entityq_add(nfile, RTYPE_TAL, NULL, buf, len, NULL);
+ entityq_add(nfile, RTYPE_TAL, NULL, buf, len, id);
}
/*
@@ -426,6 +414,9 @@ queue_add_from_tal(struct tal *tal)
assert(tal->urisz);
+ if ((taldescs[tal->id] = strdup(tal->descr)) == NULL)
+ err(1, NULL);
+
/* Look up the repository. */
repo = ta_lookup(tal);
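Review bot: The store into `taldescs[tal->id]` uses an id that, judging by the tal.c hunk, tal_read() took straight from the ibuf, and nothing bounds it against the `TALSZ_MAX`-sized global array, so a bad id becomes a write past the table. A guard before the strdup would close that: `if (tal->id >= talsz) errx(1, "%s: tal id out of range", tal->descr);`. If the same id can arrive twice, the earlier string is also overwritten without being freed, though that may not be reachable. queue_add_from_tal() begins and ends outside this hunk.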
@@ -433,7 +424,7 @@ queue_add_from_tal(struct tal *tal)
data = tal->pkey;
tal->pkey = NULL;
entityq_add(NULL, RTYPE_CER, repo, data,
- tal->pkeysz, tal->descr);
+ tal->pkeysz, tal->id);
}
/*
@@ -453,7 +444,7 @@ queue_add_from_cert(const struct cert *c
if ((nfile = strdup(cert->mft)) == NULL)
err(1, NULL);
- entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, NULL);
+ entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, -1);
}
/*
@@ -609,7 +600,7 @@ rrdp_process(struct ibuf *b)
* Don't exceded "max" filenames.
*/
static size_t
-tal_load_default(const char *tals[], size_t max)
+tal_load_default(void)
{
static const char *confdir = "/etc/rpki";
size_t s = 0;
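Review bot: The comment above tal_load_default() still says `Don't exceded "max" filenames`, but the `max` parameter is removed by this change and the limit is now the `TALSZ_MAX` constant checked in the next hunk. I would update it to `* Don't exceed TALSZ_MAX filenames.` and mention that the results now land in the global `tals[]` rather than a caller-supplied array. The rest of the comment and the function body lie outside this hunk.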
@@ -623,7 +614,7 @@ tal_load_default(const char *tals[], siz
while ((dp = readdir(dirp)) != NULL) {
if (fnmatch("*.tal", dp->d_name, FNM_PERIOD) == FNM_NOMATCH)
continue;
- if (s >= max)
+ if (s >= TALSZ_MAX)
err(1, "too many tal files found in %s",
confdir);
if (asprintf(&path, "%s/%s", confdir, dp->d_name) == -1)
@@ -672,7 +663,7 @@ main(int argc, char *argv[])
{
int rc, c, st, proc, rsync, http, rrdp, ok, hangup = 0;
int fl = SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK;
- size_t i, id, talsz = 0;
+ size_t i, id;
pid_t pid, procpid, rsyncpid, httppid, rrdppid;
int fd[2];
struct pollfd pfd[NPFD];
@@ -682,7 +673,7 @@ main(int argc, char *argv[])
char *rsync_prog = "openrsync";
char *bind_addr = NULL;
const char *cachedir = NULL, *outputdir = NULL;
- const char *tals[TALSZ_MAX], *errs, *name;
+ const char *errs, *name;
const char *file = NULL;
struct vrp_tree vrps = RB_INITIALIZER(&vrps);
struct brk_tree brks = RB_INITIALIZER(&brks);
@@ -799,7 +790,7 @@ main(int argc, char *argv[])
outformats = FORMAT_OPENBGPD;
if (talsz == 0)
- talsz = tal_load_default(tals, TALSZ_MAX);
+ talsz = tal_load_default();
if (talsz == 0)
err(1, "no TAL files found in %s", "/etc/rpki");
@@ -999,7 +990,7 @@ main(int argc, char *argv[])
*/
for (i = 0; i < talsz; i++)
- queue_add_tal(tals[i]);
+ queue_add_tal(tals[i], i);
/* change working directory to the cache directory */
if (fchdir(cachefd) == -1)
@@ -1170,7 +1161,6 @@ main(int argc, char *argv[])
if (outputfiles(&vrps, &brks, &stats))
rc = 1;
-
logx("Processing time %lld seconds "
"(%lld seconds user, %lld seconds system)",
(long long)stats.elapsed_time.tv_sec,
@@ -1181,7 +1171,8 @@ main(int argc, char *argv[])
logx("BGPsec Router Certificates: %zu", stats.brks);
logx("Certificates: %zu (%zu invalid)",
stats.certs, stats.certs_fail);
- logx("Trust Anchor Locators: %zu", stats.tals);
+ logx("Trust Anchor Locators: %zu (%zu invalid)",
+ stats.tals, talsz - stats.tals);
logx("Manifests: %zu (%zu failed parse, %zu stale)",
stats.mfts, stats.mfts_fail, stats.mfts_stale);
logx("Certificate revocation lists: %zu", stats.crls);
Index: output-csv.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-csv.c,v
retrieving revision 1.11
diff -u -p -r1.11 output-csv.c
--- output-csv.c 11 Oct 2021 16:50:03 -0000 1.11
+++ output-csv.c 3 Nov 2021 17:47:36 -0000
@@ -34,7 +34,8 @@ output_csv(FILE *out, struct vrp_tree *v
ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
if (fprintf(out, "AS%u,%s,%u,%s,%lld\n", v->asid, buf,
- v->maxlength, v->tal, (long long)v->expires) < 0)
+ v->maxlength, taldescs[v->talid],
+ (long long)v->expires) < 0)
return -1;
}
return 0;
Index: output-json.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output-json.c,v
retrieving revision 1.21
diff -u -p -r1.21 output-json.c
--- output-json.c 1 Nov 2021 17:00:34 -0000 1.21
+++ output-json.c 3 Nov 2021 17:48:29 -0000
@@ -28,6 +28,7 @@ outputheader_json(FILE *out, struct stat
char hn[NI_MAXHOST], tbuf[26];
struct tm *tp;
time_t t;
+ size_t i;
time(&t);
setenv("TZ", "UTC", 1);
@@ -50,7 +51,24 @@ outputheader_json(FILE *out, struct stat
"\t\t\"certificates\": %zu,\n"
"\t\t\"invalidcertificates\": %zu,\n"
"\t\t\"tals\": %zu,\n"
- "\t\t\"talfiles\": \"%s\",\n"
+ "\t\t\"invalidtals\": %zu,\n"
+ "\t\t\"talfiles\": [\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail,
+ st->tals, talsz - st->tals) < 0)
+ return -1;
+
+ for (i = 0; i < talsz; i++) {
+ if (fprintf(out,
+ "\t\t\t\"%s\"%s\n",
+ tals[i], i == talsz - 1 ? "" : ",") < 0)
+ return -1;
+ }
+
+ if (fprintf(out,
+ "\t\t],\n"
"\t\t\"manifests\": %zu,\n"
"\t\t\"failedmanifests\": %zu,\n"
"\t\t\"stalemanifests\": %zu,\n"
@@ -62,11 +80,6 @@ outputheader_json(FILE *out, struct stat
"\t\t\"cachedir_del_files\": %zu,\n"
"\t\t\"cachedir_del_dirs\": %zu\n"
"\t},\n\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
st->mfts, st->mfts_fail, st->mfts_stale,
st->crls,
st->gbrs,
@@ -103,7 +116,8 @@ output_json(FILE *out, struct vrp_tree *
if (fprintf(out, "\t\t{ \"asn\": %u, \"prefix\": \"%s\", "
"\"maxLength\": %u, \"ta\": \"%s\", \"expires\": %lld }",
- v->asid, buf, v->maxlength, v->tal, (long long)v->expires)
+ v->asid, buf, v->maxlength, taldescs[v->talid],
+ (long long)v->expires)
< 0)
return -1;
}
@@ -121,7 +135,7 @@ output_json(FILE *out, struct vrp_tree *
if (fprintf(out, "\t\t{ \"asn\": %u, \"ski\": \"%s\", "
"\"pubkey\": \"%s\", \"ta\": \"%s\", \"expires\": %lld }",
- b->asid, b->ski, b->pubkey, b->tal,
+ b->asid, b->ski, b->pubkey, taldescs[b->talid],
(long long)b->expires) < 0)
return -1;
}
Index: output.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v
retrieving revision 1.23
diff -u -p -r1.23 output.c
--- output.c 1 Nov 2021 17:00:34 -0000 1.23
+++ output.c 3 Nov 2021 18:19:15 -0000
@@ -201,6 +201,7 @@ outputheader(FILE *out, struct stats *st
char hn[NI_MAXHOST], tbuf[80];
struct tm *tp;
time_t t;
+ size_t i;
time(&t);
setenv("TZ", "UTC", 1);
@@ -211,21 +212,31 @@ outputheader(FILE *out, struct stats *st
if (fprintf(out,
"# Generated on host %s at %s\n"
- "# Processing time %lld seconds (%lld seconds user, %lld seconds
system)\n"
+ "# Processing time %lld seconds (%llds user, %llds system)\n"
"# Route Origin Authorizations: %zu (%zu failed parse, %zu
invalid)\n"
"# BGPsec Router Certificates: %zu\n"
- "# Certificates: %zu (%zu invalid)\n"
- "# Trust Anchor Locators: %zu (%s)\n"
+ "# Certificates: %zu (%zu invalid)\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail) < 0)
+ return -1;
+
+ if (fprintf(out,
+ "# Trust Anchor Locators: %zu (%zu invalid) [", st->tals,
+ talsz - st->tals) < 0)
+ return -1;
+ for (i = 0; i < talsz; i++)
+ if (fprintf(out, " %s", tals[i]) < 0)
+ return -1;
+
+ if (fprintf(out,
+ " ]\n"
"# Manifests: %zu (%zu failed parse, %zu stale)\n"
"# Certificate revocation lists: %zu\n"
"# Ghostbuster records: %zu\n"
"# Repositories: %zu\n"
"# VRP Entries: %zu (%zu unique)\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
st->mfts, st->mfts_fail, st->mfts_stale,
st->crls,
st->gbrs,
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.26
diff -u -p -r1.26 parser.c
--- parser.c 3 Nov 2021 10:50:18 -0000 1.26
+++ parser.c 3 Nov 2021 18:01:58 -0000
@@ -233,8 +233,7 @@ proc_parser_cert(const struct entity *en
sk_X509_free(chain);
sk_X509_CRL_free(crls);
- if ((cert->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ cert->talid = a->cert->talid;
/* Validate the cert to get the parent */
if (!valid_cert(entp->file, &auths, cert)) {
@@ -319,8 +318,7 @@ proc_parser_root_cert(const struct entit
goto badcert;
}
- if ((cert->tal = strdup(entp->descr)) == NULL)
- err(1, NULL);
+ cert->talid = entp->talid;
/*
* Add valid roots to the RPKI auth tree.
@@ -521,6 +519,7 @@ parse_entity(struct entityq *q, struct m
entp->datasz)) == NULL)
errx(1, "%s: could not parse tal file",
entp->file);
+ tal->id = entp->talid;
tal_buffer(b, tal);
tal_free(tal);
break;
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.30
diff -u -p -r1.30 roa.c
--- roa.c 28 Oct 2021 09:02:19 -0000 1.30
+++ roa.c 3 Nov 2021 17:51:25 -0000
@@ -409,7 +409,6 @@ roa_free(struct roa *p)
free(p->aki);
free(p->ski);
free(p->ips);
- free(p->tal);
free(p);
}
@@ -424,6 +423,7 @@ roa_buffer(struct ibuf *b, const struct
io_simple_buffer(b, &p->valid, sizeof(int));
io_simple_buffer(b, &p->asid, sizeof(uint32_t));
+ io_simple_buffer(b, &p->talid, sizeof(size_t));
io_simple_buffer(b, &p->ipsz, sizeof(size_t));
io_simple_buffer(b, &p->expires, sizeof(time_t));
@@ -438,7 +438,6 @@ roa_buffer(struct ibuf *b, const struct
io_str_buffer(b, p->aia);
io_str_buffer(b, p->aki);
io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
}
/*
@@ -457,6 +456,7 @@ roa_read(struct ibuf *b)
io_read_buf(b, &p->valid, sizeof(int));
io_read_buf(b, &p->asid, sizeof(uint32_t));
+ io_read_buf(b, &p->talid, sizeof(size_t));
io_read_buf(b, &p->ipsz, sizeof(size_t));
io_read_buf(b, &p->expires, sizeof(time_t));
@@ -474,8 +474,7 @@ roa_read(struct ibuf *b)
io_read_str(b, &p->aia);
io_read_str(b, &p->aki);
io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
- assert(p->aia && p->aki && p->ski && p->tal);
+ assert(p->aia && p->aki && p->ski);
return p;
}
@@ -499,8 +498,7 @@ roa_insert_vrps(struct vrp_tree *tree, s
v->addr = roa->ips[i].addr;
v->maxlength = roa->ips[i].maxlength;
v->asid = roa->asid;
- if ((v->tal = strdup(roa->tal)) == NULL)
- err(1, NULL);
+ v->talid = roa->talid;
v->expires = roa->expires;
/*
@@ -512,12 +510,9 @@ roa_insert_vrps(struct vrp_tree *tree, s
/* already exists */
if (found->expires < v->expires) {
/* update found with preferred data */
- found->expires = roa->expires;
- free(found->tal);
- found->tal = v->tal;
- v->tal = NULL;
+ found->talid = v->talid;
+ found->expires = v->expires;
}
- free(v->tal);
free(v);
} else
(*uniqs)++;
Index: tal.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
retrieving revision 1.32
diff -u -p -r1.32 tal.c
--- tal.c 26 Oct 2021 16:12:54 -0000 1.32
+++ tal.c 3 Nov 2021 18:03:46 -0000
@@ -213,6 +213,7 @@ tal_buffer(struct ibuf *b, const struct
{
size_t i;
+ io_simple_buffer(b, &p->id, sizeof(size_t));
io_buf_buffer(b, p->pkey, p->pkeysz);
io_str_buffer(b, p->descr);
io_simple_buffer(b, &p->urisz, sizeof(size_t));
@@ -235,6 +236,7 @@ tal_read(struct ibuf *b)
if ((p = calloc(1, sizeof(struct tal))) == NULL)
err(1, NULL);
+ io_read_buf(b, &p->id, sizeof(size_t));
io_read_buf_alloc(b, (void **)&p->pkey, &p->pkeysz);
io_read_str(b, &p->descr);
io_read_buf(b, &p->urisz, sizeof(size_t));
Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
retrieving revision 1.21
diff -u -p -r1.21 validate.c
--- validate.c 1 Nov 2021 09:12:18 -0000 1.21
+++ validate.c 3 Nov 2021 17:52:05 -0000
@@ -217,8 +217,7 @@ valid_roa(const char *fn, struct auth_tr
if (a == NULL)
return 0;
- if ((roa->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ roa->talid = a->cert->talid;
for (i = 0; i < roa->ipsz; i++) {
if (valid_ip(a, roa->ips[i].afi, roa->ips[i].min,