IABSD.fr/src/usr.sbin

Branch : - branch - master - tag -

• Show log

  Commit

• Author : tb
  Date : 2026-05-09 01:42:30
  Hash : 800aa5a3
  Message : rpki-client: fix ip_addr_check_overlap() There is an off-by-one in the ip_addr_check_overlap() logic which allows a newly added interval to overlap in a common end point with an interval already in the list. Disallow equality in the two memcmp to avoid this. This bug dates back to the initial import of rpki-client where malformed certificates would be accepted. In modern rpki-client, the impact of this has been minimal ever since we started requiring that libcrypto support the RFC 3779 extensions in early 2022 by disallowing unknown critical extensions (rpki-client 7.6): For certificates this duplicates a check in the X.509 verifier (where it is correct). For TA constraints we have a canonicalization procedure that ensures the absence of overlaps. For ROAs no such check can be made since standards historically haven't required that addresses are canonical and still don't. The only remaining use of this API is from rsc.c where the overlap condition is indeed a small problem. Found by Frank Denis ok job

• Files
• Makefile
• Makefile.inc
• ac
• accton
• acme-client
• acpidump
• adduser
• amd
• apm
• apmd
• arp
• authpf
• bgpctl
• bgpd
• bgplgd
• bpflogd
• btrace
• chroot
• config
• cron
• crunchgen
• dev_mkdb
• dhcp6leasectl
• dhcpd
• dhcpleasectl
• dhcrelay
• dhcrelay6
• dvmrpctl
• dvmrpd
• edquota
• eeprom
• eigrpctl
• eigrpd
• fdformat
• ftp-proxy
• fw_update
• gpioctl
• hostapd
• hostctl
• hotplugd
• httpd
• identd
• ifstated
• ikectl
• inetd
• installboot
• iostat
• iscsictl
• iscsid
• kgmon
• kvm_mkdb
• ldapctl
• ldapd
• ldomctl
• ldomd
• ldpctl
• ldpd
• lldp
• lldpd
• lpd
• lpr
• mailwrapper
• makefs
• map-mbone
• memconfig
• mksuncd
• mkuboot
• mopd
• mrinfo
• mrouted
• mtrace
• mtree
• ndp
• netgroup_mkdb
• npppctl
• npppd
• nsd
• ntpd
• ocspcheck
• ospf6ctl
• ospf6d
• ospfctl
• ospfd
• pcidump
• pkg_add
• portmap
• pppd
• procmap
• pstat
• pwd_mkdb
• quot
• quotaon
• ractl
• rad
• radiusctl
• radiusd
• rarpd
• rbootd
• rcctl
• rdate
• rdsetroot
• relayctl
• relayd
• repquota
• ripctl
• ripd
• rmt
• route6d
• rpc.bootparamd
• rpc.lockd
• rpc.statd
• rpki-client
• sa
• sasyncd
• sensorsd
• slaacctl
• slowcgi
• smtpd
• snmpd
• spamdb
• syslogc
• syslogd
• sysmerge
• syspatch
• sysupgrade
• tcpdrop
• tcpdump
• tftp-proxy
• tftpd
• tokenadm
• tokeninit
• traceroute
• trpt
• unbound
• unwindctl
• usbdevs
• user
• vipw
• vmctl
• vmd
• watchdogd
• wsconscfg
• wsfontload
• wsmoused
• ypbind
• ypldap
• yppoll
• ypserv
• ypset
• zdump
• zic