Merge pull request #2602 from edsiper/crt-symlink
x509_crt: handle properly broken links when looking for certificates
commit
b3edc1576c
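--- a/ChangeLog.d/x509-broken-symlink-handling.txt
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@@ -0,0 +1,5 @@
+Bugfix
+* Fix handling of broken symlinks when loading certificates using
+mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+broken link is encountered, skip the broken link and continue parsing
+other certificate files. Contributed by Eduardo Silva in #2602.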
@ -82,6 +82,7 @@
|
||||
#else
|
||||
#include <dirent.h>
|
||||
#endif /* __MBED__ */
|
||||
#include <errno.h>
|
||||
#endif /* !_WIN32 || EFIX64 || EFI32 */
|
||||
#endif
|
||||
|
||||
@ -1658,8 +1659,22 @@ cleanup:
|
||||
}
|
||||
else if( stat( entry_name, &sb ) == -1 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
||||
goto cleanup;
|
||||
if( errno == ENOENT )
|
||||
{
|
||||
/* Broken symbolic link - ignore this entry.
|
||||
stat(2) will return this error for either (a) a dangling
|
||||
symlink or (b) a missing file.
|
||||
Given that we have just obtained the filename from readdir,
|
||||
assume that it does exist and therefore treat this as a
|
||||
dangling symlink. */
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Some other file error; report the error. */
|
||||
ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
if( !S_ISREG( sb.st_mode ) )
|
||||
|
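Review bot: The `errno == ENOENT` branch drops the entry with a bare `continue`, so a caller of mbedtls_x509_crt_parse_path() gets no signal that something in the certificate directory could not be read; for a CA directory, an expected trust anchor can be absent after a load that looks clean. The in-code comment rests on an assumption ("we have just obtained the filename from readdir"), but stat() reports ENOENT just the same when the entry is removed between readdir and stat. If only dangling links are meant to be tolerated, the condition could confirm that where the platform provides lstat, e.g. `if( errno == ENOENT && lstat( entry_name, &sb ) == 0 && S_ISLNK( sb.st_mode ) )`. The function's API documentation should also state that such entries are skipped and whether they count toward the return value. The enclosing loop and the `cleanup:` label lie outside this hunk, so how the result is accumulated is not visible here.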