guix-commits

20/155: download: Protect against dangling symlinks in $SSL_CERT_DIR.


From: John Darrington
Subject: 20/155: download: Protect against dangling symlinks in $SSL_CERT_DIR.
Date: Wed, 21 Dec 2016 20:48:30 +0000 (UTC)

jmd pushed a commit to branch wip-installer
in repository guix.

commit bafbf73cd3c6ed3e3003cc91c214f3a1ca0721fd
Author: Ludovic Courtès <address@hidden>
Date:   Fri Dec 16 18:00:01 2016 +0100

    download: Protect against dangling symlinks in $SSL_CERT_DIR.
    
    Reported by Christopher Baines <address@hidden>
    in <https://bugs.gnu.org/25213>.
    
    * guix/build/download.scm (make-credendials-with-ca-trust-files): Check
    whether FILE exists before calling
    'set-certificate-credentials-x509-trust-file!'.
---
 guix/build/download.scm |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 8e32b3d..203338b 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -289,9 +289,12 @@ DIRECTORY.  Those authority certificates are checked when
                               (string-suffix? ".pem" file)))
                    '())))
     (for-each (lambda (file)
-                (set-certificate-credentials-x509-trust-file!
-                 cred (string-append directory "/" file)
-                 x509-certificate-format/pem))
+                (let ((file (string-append directory "/" file)))
+                  ;; Protect against dangling symlinks.
+                  (when (file-exists? file)
+                    (set-certificate-credentials-x509-trust-file!
+                     cred file
+                     x509-certificate-format/pem))))
               (or files '()))
     cred))
 
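Review bot: the `(when (file-exists? file) ...)` guard drops a missing target without any message, so a $SSL_CERT_DIR whose ".pem" entries are all dangling yields `cred` with no trust files loaded and nothing to explain why certificate verification fails later. Consider writing a warning to the current error port that names each skipped file. The existence check and the load are also separate steps, so a file that disappears in between, or one that exists but cannot be read, still reaches `set-certificate-credentials-x509-trust-file!`; handling the failure around that call would cover those cases as well as the dangling symlink. Minor style point: the inner `let` rebinds `file` to the full path and shadows the lambda parameter, so a distinct name for the joined path would read more clearly.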


