From 91245d338cefa204088276bd5a4d2907d3586cd0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 29 Jan 2013 23:23:10 +0000 Subject: Check for empty RFC 3779 extensions. See #406. svn path=/trunk/; revision=4981 --- rcynic/rcynic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'rcynic') diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c index 2f37ed79..0634bc52 100644 --- a/rcynic/rcynic.c +++ b/rcynic/rcynic.c @@ -3707,7 +3707,8 @@ static int check_x509(rcynic_ctx_t *rc, ex_count--; if ((loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 || !X509_EXTENSION_get_critical(X509_get_ext(x, loc)) || - !v3_addr_is_canonical(x->rfc3779_addr)) { + !v3_addr_is_canonical(x->rfc3779_addr) || + sk_IPAddressFamily_num(x->rfc3779_addr) == 0) { log_validation_status(rc, uri, bad_ipaddrblocks, generation); goto done; } @@ -3718,6 +3719,7 @@ static int check_x509(rcynic_ctx_t *rc, if ((loc = X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1)) < 0 || !X509_EXTENSION_get_critical(X509_get_ext(x, loc)) || !v3_asid_is_canonical(x->rfc3779_asid) || + x->rfc3779_asid->asnum == NULL || x->rfc3779_asid->rdi != NULL) { log_validation_status(rc, uri, bad_asidentifiers, generation); goto done; -- cgit v1.2.3 From cce70c7b31498037b731024bcd805b8d47670fd0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 29 Jan 2013 23:46:40 +0000 Subject: Regen. Perhaps Generator Id in defstack.py's output was a mistake? svn path=/trunk/; revision=4982 --- rcynic/defstack.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rcynic') diff --git a/rcynic/defstack.h b/rcynic/defstack.h index 97490878..370c8129 100644 --- a/rcynic/defstack.h +++ b/rcynic/defstack.h @@ -1,6 +1,6 @@ /* * Automatically generated, do not edit. - * Generator $Id: defstack.py 4725 2012-09-19 21:28:34Z sra $ + * Generator $Id: defstack.py 4878 2012-11-15 22:13:53Z sra $ */ #ifndef __RCYNIC_C__DEFSTACK_H__ -- cgit v1.2.3