]> granicus.if.org Git - p11-kit/commitdiff
trust: Fail if trust anchors are not loaded from a file
authorDaiki Ueno <dueno@redhat.com>
Tue, 25 Dec 2018 06:32:01 +0000 (07:32 +0100)
committerDaiki Ueno <ueno@gnu.org>
Fri, 4 Jan 2019 14:12:04 +0000 (15:12 +0100)
If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.

trust/module.c
trust/token.c

index 0c16a39ea5809c196fa7cf5d374a16867ab8aacf..1722340f926cca5c5a88518daf7a852f1ca7d988 100644 (file)
@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
                                indices[n++] = session->index;
                        if (want_token_objects) {
                                if (!session->loaded)
-                                       p11_token_load (session->token);
-                               session->loaded = CK_TRUE;
-                               indices[n++] = p11_token_index (session->token);
+                                       if (p11_token_load (session->token) < 0)
+                                               rv = CKR_FUNCTION_FAILED;
+                               if (rv == CKR_OK) {
+                                       session->loaded = CK_TRUE;
+                                       indices[n++] = p11_token_index (session->token);
+                               }
                        }
+               }
 
+               if (rv == CKR_OK) {
                        find = calloc (1, sizeof (FindObjects));
                        warn_if_fail (find != NULL);
 
index fd3b04368d72b1d77042dffc3b2328164938ac23..030c17b8c61122c005e6ab3ab6a2c9c07686b2d4 100644 (file)
@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
        default:
                p11_debug ("failed to parse: %s", filename);
                loader_gone_file (token, filename);
-               return 0;
+               return -1;
        }
 
        /* Update each parsed object with the origin */
        parsed = p11_parser_parsed (token->parser);
        for (i = 0; i < parsed->num; i++) {
                parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
-               return_val_if_fail (parsed->elem[i] != NULL, 0);
+               return_val_if_fail (parsed->elem[i] != NULL, -1);
        }
 
        p11_index_load (token->index);
@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
 
        if (rv != CKR_OK) {
                p11_message ("couldn't load file into objects: %s", filename);
-               return 0;
+               return -1;
        }
 
        loader_was_loaded (token, filename, sb);