Once a ProviderAS has an afiLimit, all subsequent ProviderAS without
afiLimit will erroneously inherit that limit since provider.afi is
only (re)set if pa->afiLimit != NULL. Zeroing the provider inside the
loop avoids this issue.
Index: aspa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
retrieving revision 1.3
diff -u -p -r1.3 aspa.c
--- aspa.c 5 Sep 2022 12:25:32 -0000 1.3
+++ aspa.c 5 Sep 2022 12:37:40 -0000
@@ -90,8 +90,6 @@ aspa_parse_providers(struct parse *p, co
struct aspa_provider provider;
size_t providersz, i;
- memset(&provider, 0, sizeof(provider));
-
if ((providersz = sk_ProviderAS_num(providers)) == 0) {
warnx("%s: ASPA: ProviderASSet needs at least one entry",
p->fn);
@@ -110,6 +108,8 @@ aspa_parse_providers(struct parse *p, co
for (i = 0; i < providersz; i++) {
pa = sk_ProviderAS_value(providers, i);
+
+ memset(&provider, 0, sizeof(provider));
if (!as_id_parse(pa->providerASID, &provider.as)) {
warnx("%s: ASPA: malformed ProviderAS", p->fn);
