authorDaiki Ueno <dueno@redhat.com>2018-12-25 07:32:01 +0100
committerDaiki Ueno <ueno@gnu.org>2019-01-04 15:12:04 +0100
commiteb503f3a1467f21a5ecc9ae84ae23b216afc102f (patch)
treef47577c78dfdabb6cf805eea0cba328ba6a47f4b
parent0dd62395788ae566d3adef967611bce214a04435 (diff)
trust: Fail if trust anchors are not loaded from a file
If the trust path is a file, treat a parse error as fatal and abort the C_FindObjectsInit call.
-rw-r--r--trust/module.c11
-rw-r--r--trust/token.c6
2 files changed, 11 insertions, 6 deletions
diff --git a/trust/module.c b/trust/module.c
index 0c16a39..1722340 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
indices[n++] = session->index;
if (want_token_objects) {
if (!session->loaded)
- p11_token_load (session->token);
- session->loaded = CK_TRUE;
- indices[n++] = p11_token_index (session->token);
+ if (p11_token_load (session->token) < 0)
+ rv = CKR_FUNCTION_FAILED;
+ if (rv == CKR_OK) {
+ session->loaded = CK_TRUE;
+ indices[n++] = p11_token_index (session->token);
+ }
}
+ }
+ if (rv == CKR_OK) {
find = calloc (1, sizeof (FindObjects));
warn_if_fail (find != NULL);
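Review bot: The nested `if (!session->loaded)` / `if (p11_token_load (session->token) < 0)` pair is left unbraced, so a later `else` or extra statement added here could bind to the wrong condition on the path that decides whether trust objects are served. Folding it into one braced test, `if (!session->loaded && p11_token_load (session->token) < 0) {` with `rv = CKR_FUNCTION_FAILED;` inside, would make the fail-closed branch explicit. On failure `session->loaded` stays unset, so each later C_FindObjectsInit on this session repeats the load and fails again until the file parses; if that retry is intended, a one-line comment such as `/* leave loaded unset so the next search retries the load */` would record it. The function starts before and continues past this hunk, so whether `rv` is always CKR_OK on entry to this block cannot be confirmed from here.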
diff --git a/trust/token.c b/trust/token.c
index fd3b043..030c17b 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
default:
p11_debug ("failed to parse: %s", filename);
loader_gone_file (token, filename);
- return 0;
+ return -1;
}
/* Update each parsed object with the origin */
parsed = p11_parser_parsed (token->parser);
for (i = 0; i < parsed->num; i++) {
parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
- return_val_if_fail (parsed->elem[i] != NULL, 0);
+ return_val_if_fail (parsed->elem[i] != NULL, -1);
}
p11_index_load (token->index);
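Review bot: Now that the `default:` branch returns -1 and that value can abort C_FindObjectsInit, the only record of which file failed is `p11_debug ("failed to parse: %s", filename);`, which is presumably silent unless debugging is enabled. The later failure path in this function (third hunk) already reports through `p11_message`, and this branch could do the same: `p11_message ("failed to parse: %s", filename);`. The return contract of loader_load_file changes here and at the `return -1;` in the third hunk, so a comment on the function should state that a negative value means failure; any caller that adds the result to a running count has to check for it, and those callers are outside the visible hunks. The commit message limits the fatal behaviour to a trust path that is a file, which these hunks do not show, so it is worth confirming the caller makes that distinction.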
@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
if (rv != CKR_OK) {
p11_message ("couldn't load file into objects: %s", filename);
- return 0;
+ return -1;
}
loader_was_loaded (token, filename, sb);