Merge pull request #2602 from edsiper/crt-symlink
x509_crt: handle properly broken links when looking for certificates
commit
b3edc1576c
2 changed files with 22 additions and 2 deletions
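--- a/ChangeLog.d/x509-broken-symlink-handling.txt
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@@ -0,0 +1,5 @@
+Bugfix
+* Fix handling of broken symlinks when loading certificates using
+mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+broken link is encountered, skip the broken link and continue parsing
+other certificate files. Contributed by Eduardo Silva in #2602.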
|
@ -82,6 +82,7 @@
|
||||||
#else
|
#else
|
||||||
#include <dirent.h>
|
#include <dirent.h>
|
||||||
#endif /* __MBED__ */
|
#endif /* __MBED__ */
|
||||||
|
#include <errno.h>
|
||||||
#endif /* !_WIN32 || EFIX64 || EFI32 */
|
#endif /* !_WIN32 || EFIX64 || EFI32 */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1658,8 +1659,22 @@ cleanup:
|
||||||
}
|
}
|
||||||
else if( stat( entry_name, &sb ) == -1 )
|
else if( stat( entry_name, &sb ) == -1 )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
if( errno == ENOENT )
|
||||||
goto cleanup;
|
{
|
||||||
|
/* Broken symbolic link - ignore this entry.
|
||||||
|
stat(2) will return this error for either (a) a dangling
|
||||||
|
symlink or (b) a missing file.
|
||||||
|
Given that we have just obtained the filename from readdir,
|
||||||
|
assume that it does exist and therefore treat this as a
|
||||||
|
dangling symlink. */
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Some other file error; report the error. */
|
||||||
|
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !S_ISREG( sb.st_mode ) )
|
if( !S_ISREG( sb.st_mode ) )
|
||||||
|
|
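Review bot: Only `ENOENT` is treated as a broken link in the new `if( errno == ENOENT )` branch, but stat() on a symlink can also fail with `ELOOP` (a link cycle) or `ENOTDIR` (a component of the link target is not a directory), and both still reach the `else` branch and abort the whole directory with `MBEDTLS_ERR_X509_FILE_IO_ERROR`. If the intent is that one unusable entry must not block loading the remaining certificates, the condition could be `if( errno == ENOENT || errno == ELOOP || errno == ENOTDIR )`; if aborting on those is deliberate, the comment should say so. The skip is also silent: as far as the hunk shows, `continue` leaves `ret` untouched, so a caller probably cannot tell a complete load of a certificate directory from one that dropped entries, which is worth stating in the comment or in the function's documentation. The enclosing loop and function start and end outside the hunk.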