Prior to this we substring matched and allowed a leading .
on a SAN DNSname constraint. This is not correct, as with
a DNSname constraint, it may exacly match or match zero or
more additional components on the front of the candidte to
match.
Spotted by Haruto Kimura <hkimura2026 at gmail.com>
ok tb@ kenjiro@
Document RETURN value for timegm(3)
APIs with in-band errors that conflate the error with a legitimate return
value are about the worst you can get. Near and dear to my heart is the API
aptly described as "gibbering eidritch horror" by beck: ASN1_INTEGER_get(3).
Adapt the wording of its RETURN VALUES to timegm() and mktime(), for which
Dec 31, 1969 at 23:59:59 will yield the error return -1 and thereby errata.
Missing docs pointed out by claudio a while back and yesterday by deraadt
ok deraadt millert
At the end of parsing the http response header do some sanity checks
to ensure that the response includes all needed data.
Right now only the presence of a Location header is checked if a HTTP
redirect was returned (e.g. a 301 status).
Different fix for a report from Daniel Anderson
from claudio@; OK tb@
rpki-client: fix incorrect error exit in x509_get_time()
A UTCTime represents a time between Jan 1, 1950 and Dec 31, 2049. This
includes Dec 31, 1969, 23:59:59 UTC, which translates to epoch -1 when
converted as a time_t. timegm()'s in-band error conflates this time with
its error return, so a hard error for this creates a DoS.
Instead, return an error for ASN.1 times that translate to negative time_t
and bubble up the error to reject the RPKI product as malformed. Real life
notBefore (or equivalent) are in the ongoing millenium, although strictly
[8 lines not shown]
At the end of parsing the http response header do some sanity checks
to ensure that the response includes all needed data.
Right now only the presence of a Location header is checked if a HTTP
redirect was returned (e.g. a 301 status).
Different fix for a report from Daniel Anderson
from claudio@; OK tb@
rpki-client: fix incorrect error exit in x509_get_time()
A UTCTime represents a time between Jan 1, 1950 and Dec 31, 2049. This
includes Dec 31, 1969, 23:59:59 UTC, which translates to epoch -1 when
converted as a time_t. timegm()'s in-band error conflates this time with
its error return, so a hard error for this creates a DoS.
Instead, return an error for ASN.1 times that translate to negative time_t
and bubble up the error to reject the RPKI product as malformed. Real life
notBefore (or equivalent) are in the ongoing millenium, although strictly
[8 lines not shown]
These programs spin if they receive a RA from the local network with
ND option with length 0. from Daniel Wade
from deraadt@; ok florian
this is errata/7.7/035_v6daemons.patch.sig
These programs spin if they receive a RA from the local network with
ND option with length 0. from Daniel Wade
from deraadt@; ok florian
this is errata/7.8/029_v6daemons.patch.sig
The fault handling code that deals with getting back from swap for an
anon does not expect failures because we are short on memory. These
are synchronous operations so we're expected to wait on memory to
become available. This got broken in rev 1.178 (Back out the
pagedaemon "oom" reserve and sleeping point). Bring back the code to
allocate bounce memory using uvm_pglistalloc(9) but only use it for
the !async case (which will never be use by the pagedaemon).
This fixes random segfaults when under memory pressure and init dying
with SIGILL because it can't copy out a signal frame to the stack when
it happens to trigger such a segfault.
With deraadt@, who wrote the code to consolidate the allocation of
bounce memory.
ok deraadt@
decrease the agressiveness of inactive growth from the previous commit.
A small increase is enough; if not enough free is created in one round,
it will be created the next time.
long discussions with kirill
Fix CCR ROAIPAddressFamily sort order
RFC 9582 section 4.3.3 defines the canonical form of ipAddrBlocks.
Thanks to Bart Bakker from RIPE NCC for reporting.
OK tb@
rpki-client: fix incorrect error exit in x509_get_time()
A UTCTime represents a time between Jan 1, 1950 and Dec 31, 2049. This
includes Dec 31, 1969, 23:59:59 UTC, which translates to epoch -1 when
converted as a time_t. timegm()'s in-band error conflates this time with
its error return, so a hard error for this creates a DoS.
Instead, return an error for ASN.1 times that translate to negative time_t
and bubble up the error to reject the RPKI product as malformed. Real life
notBefore (or equivalent) are in the ongoing millenium, although strictly
speaking this is not guaranteed since Validity windows need not nest.
Thanks to Yuheng Zhang, Qi Wang, Jianjun Chen from Tsinghua University,
and Teatime Lab for reporting.
ok claudio job
rpki-client: ignore malformed revocationDate in CRLs
Do not treat x509_get_time() failure as a hard error in file mode.
Just skip the entry we can't format and emit a warning.
ok claudio
check the prefix (cidr) len for an allowedip is valid.
ie, don't allow prefixes greater than 32 or 128 bits for ipv4 and
ipv6 respectively.
found by Daniel Wade (danjwade95 at gmail dot com), who also suggested
the fix.
ok deraadt@ jmatthew@
