NICMx / FORT-validator

RPKI cache validator
MIT License

Programming error when a ROA without prefixes is validated #12

Closed TheRedTrainer closed 5 years ago

TheRedTrainer commented 5 years ago

When FORT is validating a repository, if any of the ROAs included doesn't contain any IP prefixes, the following error message is displayed:

sudo fort --tal test.tal --local-repository=/home/user/ --sync-strategy=off --configuration-file=fort.json
INF: Configuration {
INF:   tal: test.tal
INF:   local-repository: /home/user/
INF:   sync-strategy: off
INF:   shuffle-uris: false
INF:   maximum-certificate-depth: 32
INF:   slurm: (null)
INF:   mode: server
INF:   server.address: (null)
INF:   server.port: 323
INF:   server.backlog: 128
INF:   server.validation-interval: 3600
INF:   rsync.program: rsync
INF:   rsync.arguments-recursive:
INF:     --recursive
INF:     --delete
INF:     --times
INF:     --contimeout=20
INF:     $REMOTE
INF:     $LOCAL
INF:   rsync.arguments-flat:
INF:     --times
INF:     --contimeout=20
INF:     --dirs
INF:     $REMOTE
INF:     $LOCAL
INF:   log.color-output: false
INF:   log.file-name-format: global-url
INF:   Custom incidences:
INF:     Signed Object's hash algorithm has NULL object as parameters: ignore
INF:   output.roa: /home/user/fort_roas.csv
INF: }
INF: rpkiManifest registered. Its nid is 1195.
INF: signedObject registered. Its nid is 1196.
INF: rpkiNotify registered. Its nid is 1197.
INF: id-cp-ipAddr-asNumber (RFC 6484) registered. Its nid is 1198.
INF: id-cp-ipAddr-asNumber-v2 (RFC 8360) registered. Its nid is 1199.
INF: id-pe-ipAddrBlocks-v2 registered. Its nid is 1200.
INF: id-pe-autonomousSysIds-v2 registered. Its nid is 1201.
Attempting to bind socket to address 'any', port '323'.
Success.
CRT: rsync://localhost/repository/root-roa2.roa: Programming error: ipAddrBlocks array is NULL.
Stack trace:
 fort(print_stack_trace+0x32) [0x5619d3035272]
 fort(pr_crit+0x10e) [0x5619d303684e]
 fort(+0x240ac) [0x5619d303f0ac]
 fort(rpp_traverse+0x48) [0x5619d3038218]
 fort(certificate_traverse+0x20b) [0x5619d303dd1b]
 fort(+0x243ca) [0x5619d303f3ca]
 fort(foreach_uri+0x72) [0x5619d303f7e2]
 fort(+0x2492c) [0x5619d303f92c]
 fort(process_file_or_dir+0x5e) [0x5619d303476e]
 fort(perform_standalone_validation+0x34) [0x5619d303f9b4]
 fort(vrps_update+0x65) [0x5619d3044c65]
 fort(+0x1de43) [0x5619d3038e43]
 /lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f9c880cc6db]
 /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f9c87df588f]
(Stack size was 14.)

pcarana commented 5 years ago

The error was treated as critical, so the application stopped when such a scenario was present.

Now, the error is logged and handled gracefully.

TheRedTrainer commented 5 years ago

Verified. If a ROA contains an ipPrefix list without any prefixes, the following error is displayed without any stack trace:

ERR: rsync://localhost/repository/testnic-roa.roa: ipAddrBlocks array is NULL.
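
The behaviour change discussed in this thread (a ROA with no prefixes is rejected with a logged error and validation continues, instead of stopping on a critical programming error) can be illustrated with the added example below. It is not FORT's code: the struct layout, the function names and the sample URIs are assumptions made for illustration, with an empty list modelled as a NULL array.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified decoded ROA; all names here are assumptions. */
struct roa_family { int afi; size_t prefix_count; };
struct roa {
	const char *uri;
	const struct roa_family *blocks; /* NULL when the list decoded empty */
	size_t block_count;
};
enum roa_status { ROA_OK, ROA_NO_BLOCKS, ROA_EMPTY_FAMILY };

/* Untrusted input: report malformed ROAs via a status code, never abort. */
enum roa_status roa_check(const struct roa *roa)
{
	if (roa->blocks == NULL || roa->block_count == 0)
		return ROA_NO_BLOCKS;
	for (size_t i = 0; i < roa->block_count; i++)
		if (roa->blocks[i].prefix_count == 0)
			return ROA_EMPTY_FAMILY;
	return ROA_OK;
}

/* Constructed sample input: one well-formed ROA, two malformed ones. */
static const struct roa_family v4_two = { 1, 2 }, v6_none = { 2, 0 };
static const struct roa samples[] = {
	{ "rsync://example.invalid/good.roa", &v4_two, 1 },
	{ "rsync://example.invalid/empty.roa", NULL, 0 },
	{ "rsync://example.invalid/nopfx.roa", &v6_none, 1 },
};

/* Log and skip rejected ROAs, keep validating; returns the accepted count. */
size_t validate_samples(void)
{
	size_t accepted = 0;
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		enum roa_status s = roa_check(&samples[i]);
		if (s == ROA_OK)
			accepted++;
		else
			fprintf(stderr, "ERR: %s: rejected (status %d)\n", samples[i].uri, (int)s);
	}
	return accepted;
}

int main(void)
{
	return validate_samples() == 1 ? 0 : 1; /* exit 0 if only good.roa passed */
}
```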