An ok beck@ from me with my usual curmudgeonly mutterings about the people who made this necessary for isalnum(), walls, and revolutions...
> On May 5, 2022, at 7:57 AM, Florian Obser <flor...@openbsd.org> wrote: > > On 2022-05-04 13:21 +0430, Ali Farzanrad <ali_farzan...@riseup.net> wrote: >> OK, I've tested following diff on my own domain and it works. >> I did 2 modifications: >> >> 1. I explicitly call setlocate with "C" to ensure C locale, > > I came to the conclusion that it's best to call setlocale in first thing > in main, that's what other code does, too and seems less surprising. > >> >> 2. I did a string length check. According to RFC it must have 128 bit >> of random entropy, so it should have at least 22 base64 characters, >> but I was unsure. So I only check for empty strings. > > Checking for an empty string gives us a better error message, we would > error out with EISDIR in open(2) later, so that's good I guess. > Trying to enforce entropy seems a bit silly though, it's there to > protect the CA, if they mess this up it's their problem. > > The following diff just moves setlocale to main and is OK florian > > Or I can commit it myself is someone else OKs it. > > diff --git chngproc.c chngproc.c > index 0cbfaf27c31..f9cff65311d 100644 > --- chngproc.c > +++ chngproc.c > @@ -16,6 +16,7 @@ > */ > > #include <assert.h> > +#include <ctype.h> > #include <err.h> > #include <errno.h> > #include <fcntl.h> > @@ -77,6 +78,18 @@ chngproc(int netsock, const char *root) > goto out; > else if ((tok = readstr(netsock, COMM_TOK)) == NULL) > goto out; > + else if (strlen(tok) < 1) { > + warnx("token is too short"); > + goto out; > + } > + > + for (i = 0; tok[i]; ++i) { > + int ch = (unsigned char)tok[i]; > + if (!isalnum(ch) && ch != '-' && ch != '_') { > + warnx("token is not a valid base64url"); > + goto out; > + } > + } > > if (asprintf(&fmt, "%s.%s", tok, th) == -1) { > warn("asprintf"); > diff --git main.c main.c > index 65ea2cf3ac3..a3006ca1483 100644 > --- main.c > +++ main.c 
> @@ -20,6 +20,7 @@ > #include <ctype.h> > #include <err.h> > #include <libgen.h> > +#include <locale.h> > #include <stdarg.h> > #include <stdio.h> > #include <stdlib.h> > @@ -56,6 +57,9 @@ main(int argc, char *argv[]) > struct domain_c *domain = NULL; > struct altname_c *ac; > > + if (setlocale(LC_CTYPE, "C") == NULL) > + errx(1, "setlocale"); > + > while ((c = getopt(argc, argv, "Fnrvf:")) != -1) > switch (c) { > case 'F': > > > -- > I'm not entirely sure you are real.
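Review bot: in the chngproc.c hunk at `@@ -77,6 +78,18 @@`, the `isalnum(ch)` test only matches the base64url alphabet when LC_CTYPE is "C", and that guarantee comes from the setlocale() call in main.c, a different file. Add a short comment above the loop naming that dependency, or compare against the ASCII ranges `A-Z`, `a-z`, `0-9` directly so the check stands on its own. Smaller points in the same hunk: `strlen(tok) < 1` reads more plainly as `tok[0] == '\0'`, and "token is too short" would be clearer as "token is empty", since no minimum length other than non-empty is enforced.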
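Review bot: the `setlocale(LC_CTYPE, "C")` call added in the main.c hunk at `@@ -56,6 +57,9 @@` carries no comment, and because a C program already starts in the "C" locale a later reader may take it for redundant and remove it. Add one line stating that the token validation in chngproc.c relies on it. The `errx(1, "setlocale")` message could also name the category and locale being set.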
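An added example, not part of this thread or of acme-client: a locale-independent form of the token check discussed above, using explicit ASCII range comparisons instead of isalnum() so the result does not depend on setlocale(). The function name `token_is_base64url` and the sample tokens are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical helper (not acme-client code): return 1 if tok is a
 * non-empty string made only of base64url characters [A-Za-z0-9_-],
 * else 0. The range comparisons assume an ASCII execution character
 * set and never consult the current locale.
 */
static int
token_is_base64url(const char *tok)
{
	size_t i;

	if (tok == NULL || tok[0] == '\0')
		return 0;		/* empty token: reject early */

	for (i = 0; tok[i] != '\0'; i++) {
		unsigned char ch = (unsigned char)tok[i];

		if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') ||
		    (ch >= '0' && ch <= '9') || ch == '-' || ch == '_')
			continue;
		return 0;		/* '.', '/', '=', bytes >= 0x80, ... */
	}
	return 1;
}

int
main(void)
{
	/* Constructed sample tokens, not taken from any real CA. */
	const char *samples[] = {
		"Zm9vYmFyLXRva2VuX2V4YW1wbGU",	/* valid alphabet */
		"",				/* empty */
		"abc.def",			/* '.' not in alphabet */
		"a/b",				/* '/' not in alphabet */
		"abc=",				/* padding not allowed */
		"abc\xe9",			/* high byte: isalnum() is locale-dependent here */
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-30s %s\n", samples[i],
		    token_is_base64url(samples[i]) ? "accept" : "reject");
	return 0;
}
```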