Florian Obser <flor...@openbsd.org> wrote: > On 2022-05-03 17:41 +0430, Ali Farzanrad <ali_farzan...@riseup.net> wrote: > > > > Hi Florian, > > > > Yes, I read the RFC, it should work, but I couldn't test it yet, because > > my domain manager is a little lazy (I've registeret 2 subdomains for my > > domain, but it is not listed in name servers yet). I'll probably test > > it tomorrow. > > > > I read the isalnum man page, it said that isalnum might have different > > behavior based on locale, so I decide to not use that. Is it OK? > > No, please do a > setlocale(LC_CTYPE, ""); > at the beginning of chngproc, before the unveil and then use isalnum > instead of handrolling it. It will fit into chngproc, so no need for > another function > > -- > I'm not entirely sure you are real. >
OK, I've tested following diff on my own domain and it works. I did 2 modifications: 1. I explicitly call setlocate with "C" to ensure C locale, 2. I did a string length check. According to RFC it must have 128 bit of random entropy, so it should have at least 22 base64 characters, but I was unsure. So I only check for empty strings. Index: chngproc.c =================================================================== RCS file: /cvs/src/usr.sbin/acme-client/chngproc.c,v retrieving revision 1.16 diff -u -p -r1.16 chngproc.c --- chngproc.c 12 Jul 2021 15:09:20 -0000 1.16 +++ chngproc.c 4 May 2022 08:37:32 -0000 @@ -16,9 +16,11 @@ */ #include <assert.h> +#include <ctype.h> #include <err.h> #include <errno.h> #include <fcntl.h> +#include <locale.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -42,6 +44,11 @@ chngproc(int netsock, const char *root) goto out; } + if (setlocale(LC_CTYPE, "C") == NULL) { + warnx("setlocale"); + goto out; + } + if (pledge("stdio cpath wpath", NULL) == -1) { warn("pledge"); goto out; @@ -77,6 +84,18 @@ chngproc(int netsock, const char *root) goto out; else if ((tok = readstr(netsock, COMM_TOK)) == NULL) goto out; + else if (strlen(tok) < 1) { + warnx("token is too short"); + goto out; + } + + for (i = 0; tok[i]; ++i) { + int ch = (unsigned char)tok[i]; + if (!isalnum(ch) && ch != '-' && ch != '_') { + warnx("token is not a valid base64url"); + goto out; + } + } if (asprintf(&fmt, "%s.%s", tok, th) == -1) { warn("asprintf");