On 2022-05-04 13:21 +0430, Ali Farzanrad <ali_farzan...@riseup.net> wrote:
> OK, I've tested the following diff on my own domain and it works.
> I did 2 modifications:
>
>  1. I explicitly call setlocale with "C" to ensure C locale,

I came to the conclusion that it's best to call setlocale first thing
in main; that's what other code does, too, and it seems less surprising.

>
>  2. I did a string length check.  According to RFC it must have 128 bits
>     of random entropy, so it should have at least 22 base64 characters,
>     but I was unsure.  So I only check for empty strings.

Checking for an empty string gives us a better error message; we would
error out with EISDIR in open(2) later, so that's good I guess.
Trying to enforce entropy seems a bit silly though; it's there to
protect the CA, and if they mess this up it's their problem.

The following diff just moves setlocale to main and is OK florian

Or I can commit it myself if someone else OKs it.

diff --git chngproc.c chngproc.c
index 0cbfaf27c31..f9cff65311d 100644
--- chngproc.c
+++ chngproc.c
@@ -16,6 +16,7 @@
  */
 
 #include <assert.h>
+#include <ctype.h>
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -77,6 +78,18 @@ chngproc(int netsock, const char *root)
                        goto out;
                else if ((tok = readstr(netsock, COMM_TOK)) == NULL)
                        goto out;
+               else if (strlen(tok) < 1) {
+                       warnx("token is too short");
+                       goto out;
+               }
+
+               for (i = 0; tok[i]; ++i) {
+                       int ch = (unsigned char)tok[i];
+                       if (!isalnum(ch) && ch != '-' && ch != '_') {
+                               warnx("token is not a valid base64url");
+                               goto out;
+                       }
+               }
 
                if (asprintf(&fmt, "%s.%s", tok, th) == -1) {
                        warn("asprintf");
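
Review bot: the isalnum() test in the loop over tok only restricts the token to A-Z, a-z and 0-9 while LC_CTYPE is "C", and nothing in chngproc.c records that dependency, so a later change to the locale setup in main.c would silently widen what this check accepts. Either add a comment above the loop pointing at the setlocale call in main(), or spell the accepted character ranges out explicitly so the check does not depend on the locale. Two smaller points: strlen(tok) < 1 only catches the empty string, so "token is empty" would describe the failure more accurately than "token is too short", and the declaration of i is not among the visible lines, so confirm it is added to chngproc() (a size_t fits the loop).
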
diff --git main.c main.c
index 65ea2cf3ac3..a3006ca1483 100644
--- main.c
+++ main.c
@@ -20,6 +20,7 @@
 #include <ctype.h>
 #include <err.h>
 #include <libgen.h>
+#include <locale.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -56,6 +57,9 @@ main(int argc, char *argv[])
        struct domain_c         *domain = NULL;
        struct altname_c        *ac;
 
+       if (setlocale(LC_CTYPE, "C") == NULL)
+               errx(1, "setlocale");
+
        while ((c = getopt(argc, argv, "Fnrvf:")) != -1)
                switch (c) {
                case 'F':
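
Review bot: the setlocale(LC_CTYPE, "C") call at the top of main() has no comment saying why it is there, and the code that relies on it (the isalnum() check on the token) lives in chngproc.c. A one-line comment above the call naming that dependency would keep it from being removed later as apparently redundant.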


-- 
I'm not entirely sure you are real.
