libsecureboot: do not accept certificate we cannot decode

Although we care more about the CN of a certificate than its status
(for purpose of reporting), we should skip if we have errors decoding.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Simon J. Gerraty 2023-07-05 12:37:14 -07:00
parent ba8cc6d727
commit 9c3478cb22

@ -243,12 +243,10 @@ x509_cn_get(br_x509_certificate *xc, char *buf, size_t len)
mc.vtable->end_cert(&mc.vtable);
/* we don't actually care about cert status - just its name */
err = mc.vtable->end_chain(&mc.vtable);
(void)err; /* keep compiler quiet */
if (!cn.status) {
if (cn.status <= 0)
buf = NULL;
if (err == 0) /* keep compiler happy */
buf = NULL;
}
return (buf);
}
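Review bot: the `if (cn.status <= 0)` test needs a one-line comment saying which status values mean the CN was not found and which mean the decode error the commit message refers to, because the comment left above `end_chain()` ("we don't actually care about cert status") still reads as if no status mattered here. On the `(void)err; /* keep compiler quiet */` line, `err` is assigned only to be discarded; if it has no other use in the function, drop the variable and write `(void)mc.vtable->end_chain(&mc.vtable);` instead. Also note that `buf = NULL` only changes the local pointer and does not clear the caller's buffer, so it is worth documenting in the function comment that callers must test the return value and never read the buffer after a NULL return.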