ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-11 13:49:23 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

download: Protect against dangling symlinks in $SSL_CERT_DIR.

Browse source 
Reported by Christopher Baines <mail@cbaines.net>
in <https://bugs.gnu.org/25213>.

* guix/build/download.scm (make-credendials-with-ca-trust-files): Check
whether FILE exists before calling
'set-certificate-credentials-x509-trust-file!'.
This commit is contained in:
Ludovic Courtès 2016-12-16 18:00:01 +01:00
parent 99ec0cb397
commit 580deec5b4
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
guix/build/download.scm
View file

@ -289,9 +289,12 @@ (define (make-credendials-with-ca-trust-files directory)
(string-suffix? ".pem" file)))
'())))
(for-each (lambda (file)
(set-certificate-credentials-x509-trust-file!
cred (string-append directory "/" file)
x509-certificate-format/pem))
(let ((file (string-append directory "/" file)))
;; Protect against dangling symlinks.
(when (file-exists? file)
(set-certificate-credentials-x509-trust-file!
cred file
x509-certificate-format/pem))))
(or files '()))
cred))