[crypto] Fail fast if cross-certificate source is empty
In fully self-contained deployments it may be desirable to build iPXE with an empty CROSSCERT source to avoid talking to external services. Add an explicit check for this case and make validator_start_download fail immediately if the base URI is empty. Signed-off-by: Ladi Prosek <lprosek@redhat.com> Modified-by: Michael Brown <mcb30@ipxe.org> Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
parent
74d90b33f8
commit
0631a46a94
|
@ -239,6 +239,10 @@ static int validator_start_download ( struct validator *validator,
|
|||
/* Determine cross-signed certificate source */
|
||||
fetch_string_setting_copy ( NULL, &crosscert_setting, &crosscert_copy );
|
||||
crosscert = ( crosscert_copy ? crosscert_copy : crosscert_default );
|
||||
if ( ! crosscert[0] ) {
|
||||
rc = -EINVAL;
|
||||
goto err_check_uri_string;
|
||||
}
|
||||
|
||||
/* Allocate URI string */
|
||||
uri_string_len = ( strlen ( crosscert ) + 22 /* "/%08x.der?subject=" */
|
||||
|
@ -277,6 +281,7 @@ static int validator_start_download ( struct validator *validator,
|
|||
err_open_uri_string:
|
||||
free ( uri_string );
|
||||
err_alloc_uri_string:
|
||||
err_check_uri_string:
|
||||
free ( crosscert_copy );
|
||||
return rc;
|
||||
}
|
||||
|
|
Reference in New Issue