Merge pull request #2602 from edsiper/crt-symlink

x509_crt: handle properly broken links when looking for certificates
Gilles Peskine 2022-08-03 13:05:29 +02:00 committed by GitHub
commit b3edc1576c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions


@ -0,0 +1,5 @@
Bugfix
* Fix handling of broken symlinks when loading certificates using
mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
broken link is encountered, skip the broken link and continue parsing
other certificate files. Contributed by Eduardo Silva in #2602.


@ -82,6 +82,7 @@
#else #else
#include <dirent.h> #include <dirent.h>
#endif /* __MBED__ */ #endif /* __MBED__ */
#include <errno.h>
#endif /* !_WIN32 || EFIX64 || EFI32 */ #endif /* !_WIN32 || EFIX64 || EFI32 */
#endif #endif
@ -1658,9 +1659,23 @@ cleanup:
} }
else if( stat( entry_name, &sb ) == -1 ) else if( stat( entry_name, &sb ) == -1 )
{ {
if( errno == ENOENT )
{
/* Broken symbolic link - ignore this entry.
stat(2) will return this error for either (a) a dangling
symlink or (b) a missing file.
Given that we have just obtained the filename from readdir,
assume that it does exist and therefore treat this as a
dangling symlink. */
continue;
}
else
{
/* Some other file error; report the error. */
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup; goto cleanup;
} }
}
if( !S_ISREG( sb.st_mode ) ) if( !S_ISREG( sb.st_mode ) )
continue; continue;
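Review bot: The `errno == ENOENT` branch drops the directory entry with a bare `continue;` and leaves `ret` untouched in the visible lines, so a caller that builds a trust store from this directory cannot tell a complete load from one where a CA link was dangling. If that is the intended contract, it should be stated where the function is documented, for example `Entries that are dangling symbolic links are skipped and are not reported in the return value.` Other unresolvable links still take the `else` branch and abort the whole load with `MBEDTLS_ERR_X509_FILE_IO_ERROR` (a symlink loop would presumably surface as `ELOOP`), which is worth deciding deliberately rather than by omission. The page lists only two changed files, so no regression test with a dangling link in the certificate directory accompanies the change. The enclosing loop and the `cleanup` label lie outside this hunk.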