ITS#6703 from Rich Megginson @ Red Hat - reject non-files for cert/key pem files

Howard Chu 2010-11-15 20:43:53 +00:00
parent 66fa1f6198
commit 208308d4dd


@ -1016,6 +1016,26 @@ tlsm_add_cert_from_file( tlsm_ctx *ctx, const char *filename, PRBool isca )
char *slotname = NULL;
const char *ptr = NULL;
char sep = PR_GetDirectorySeparator();
PRFileInfo fi;
PRStatus status;
memset( &fi, 0, sizeof(fi) );
status = PR_GetFileInfo( filename, &fi );
if ( PR_SUCCESS != status) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not read certificate file %s - error %d:%s.\n",
filename, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
if ( fi.type != PR_FILE_FILE ) {
Debug( LDAP_DEBUG_ANY,
"TLS: error: the certificate file %s is not a file.\n",
filename, 0 ,0 );
return -1;
}
attrs = theTemplate;
@ -1088,6 +1108,26 @@ tlsm_add_key_from_file( tlsm_ctx *ctx, const char *filename )
CK_BBOOL cktrue = CK_TRUE;
CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
int retcode = 0;
PRFileInfo fi;
PRStatus status;
memset( &fi, 0, sizeof(fi) );
status = PR_GetFileInfo( filename, &fi );
if ( PR_SUCCESS != status) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not read key file %s - error %d:%s.\n",
filename, errcode,
PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ) );
return -1;
}
if ( fi.type != PR_FILE_FILE ) {
Debug( LDAP_DEBUG_ANY,
"TLS: error: the key file %s is not a file.\n",
filename, 0 ,0 );
return -1;
}
attrs = theTemplate;
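Review bot: The regular-file test added in both hunks is made on the path name via `PR_GetFileInfo( filename, &fi )`, so it only describes what that path referred to at the moment of the call. The code that later loads the PEM file lies outside these hunks and presumably resolves the name again, so this is a configuration sanity check rather than a guarantee about the object actually read. A comment above the `memset` would record that, e.g. `/* sanity check only: filename is re-resolved when the PEM file is loaded */`. The same block appears in tlsm_add_cert_from_file and tlsm_add_key_from_file with only the words "certificate" and "key" differing, so a small static helper returning the PRStatus would stop the two copies drifting apart. In the key hunk only `fi.type` is examined; if the private key's ownership or mode matters to the deployment, nothing visible here checks it.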