Re: acme-client: check token names

Wed, 04 May 2022 01:53:19 -0700 

Florian Obser <flor...@openbsd.org> wrote:
> On 2022-05-03 17:41 +0430, Ali Farzanrad <ali_farzan...@riseup.net> wrote:
> >
> > Hi Florian,
> >
> > Yes, I read the RFC, it should work, but I couldn't test it yet, because
> > my domain manager is a little lazy (I've registeret 2 subdomains for my
> > domain, but it is not listed in name servers yet).  I'll probably test
> > it tomorrow.
> >
> > I read the isalnum man page, it said that isalnum might have different
> > behavior based on locale, so I decide to not use that.  Is it OK?
> 
> No, please do a
>       setlocale(LC_CTYPE, "");
> at the beginning of chngproc, before the unveil and then use isalnum
> instead of handrolling it. It will fit into chngproc, so no need for
> another function
> 
> -- 
> I'm not entirely sure you are real.
> 

OK, I've tested following diff on my own domain and it works.
I did 2 modifications:

 1. I explicitly call setlocate with "C" to ensure C locale,

 2. I did a string length check.  According to RFC it must have 128 bit
    of random entropy, so it should have at least 22 base64 characters,
    but I was unsure.  So I only check for empty strings.


Index: chngproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/chngproc.c,v
retrieving revision 1.16
diff -u -p -r1.16 chngproc.c
--- chngproc.c  12 Jul 2021 15:09:20 -0000      1.16
+++ chngproc.c  4 May 2022 08:37:32 -0000
@@ -16,9 +16,11 @@
  */
 
 #include <assert.h>
+#include <ctype.h>
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <locale.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -42,6 +44,11 @@ chngproc(int netsock, const char *root)
                goto out;
        }
 
+       if (setlocale(LC_CTYPE, "C") == NULL) {
+               warnx("setlocale");
+               goto out;
+       }
+
        if (pledge("stdio cpath wpath", NULL) == -1) {
                warn("pledge");
                goto out;
@@ -77,6 +84,18 @@ chngproc(int netsock, const char *root)
                        goto out;
                else if ((tok = readstr(netsock, COMM_TOK)) == NULL)
                        goto out;
+               else if (strlen(tok) < 1) {
+                       warnx("token is too short");
+                       goto out;
+               }
+
+               for (i = 0; tok[i]; ++i) {
+                       int ch = (unsigned char)tok[i];
+                       if (!isalnum(ch) && ch != '-' && ch != '_') {
+                               warnx("token is not a valid base64url");
+                               goto out;
+                       }
+               }
 
                if (asprintf(&fmt, "%s.%s", tok, th) == -1) {
                        warn("asprintf");

Reply via email to