diff options
| author | Ladi Prosek | 2017-09-20 11:52:16 +0200 |
|---|---|---|
| committer | Michael Brown | 2017-09-24 18:56:04 +0200 |
| commit | 0631a46a94fdf86992f18b50921c42e42a822bab (patch) | |
| tree | aaa421a7992e9d3a3c6fc6cdc86482cabdc66b8e | |
| parent | [efi] Inhibit our driver Start() method during disconnection attempts (diff) | |
| download | ipxe-0631a46a94fdf86992f18b50921c42e42a822bab.tar.gz ipxe-0631a46a94fdf86992f18b50921c42e42a822bab.tar.xz ipxe-0631a46a94fdf86992f18b50921c42e42a822bab.zip | |
[crypto] Fail fast if cross-certificate source is empty
In fully self-contained deployments it may be desirable to build iPXE
with an empty CROSSCERT source to avoid talking to external services.
Add an explicit check for this case and make validator_start_download
fail immediately if the base URI is empty.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/net/validator.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/net/validator.c b/src/net/validator.c index 52845b6e..68abe1b5 100644 --- a/src/net/validator.c +++ b/src/net/validator.c @@ -239,6 +239,10 @@ static int validator_start_download ( struct validator *validator, /* Determine cross-signed certificate source */ fetch_string_setting_copy ( NULL, &crosscert_setting, &crosscert_copy ); crosscert = ( crosscert_copy ? crosscert_copy : crosscert_default ); + if ( ! crosscert[0] ) { + rc = -EINVAL; + goto err_check_uri_string; + } /* Allocate URI string */ uri_string_len = ( strlen ( crosscert ) + 22 /* "/%08x.der?subject=" */ @@ -277,6 +281,7 @@ static int validator_start_download ( struct validator *validator, err_open_uri_string: free ( uri_string ); err_alloc_uri_string: + err_check_uri_string: free ( crosscert_copy ); return rc; } |