Merge pull request #2602 from edsiper/crt-symlink

x509_crt: handle properly broken links when looking for certificates
This commit is contained in:
Gilles Peskine 2022-08-03 13:05:29 +02:00 committed by GitHub
commit b3edc1576c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions

View File

@ -0,0 +1,5 @@
Bugfix
* Fix handling of broken symlinks when loading certificates using
mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
broken link is encountered, skip the broken link and continue parsing
other certificate files. Contributed by Eduardo Silva in #2602.

View File

@ -82,6 +82,7 @@
#else
#include <dirent.h>
#endif /* __MBED__ */
#include <errno.h>
#endif /* !_WIN32 || EFIX64 || EFI32 */
#endif
@ -1658,8 +1659,22 @@ cleanup:
}
else if( stat( entry_name, &sb ) == -1 )
{
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
if( errno == ENOENT )
{
/* Broken symbolic link - ignore this entry.
stat(2) will return this error for either (a) a dangling
symlink or (b) a missing file.
Given that we have just obtained the filename from readdir,
assume that it does exist and therefore treat this as a
dangling symlink. */
continue;
}
else
{
/* Some other file error; report the error. */
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
goto cleanup;
}
}
if( !S_ISREG( sb.st_mode ) )