diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-12-16 18:00:01 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-12-16 18:00:01 +0100 |
commit | 580deec5b44d623e994e59ef07e9e0c5496762fd (patch) | |
tree | d59a573d6c95f6993f58f8b26a9708088459322c | |
parent | 99ec0cb397453802788e7095724dcfbca3ca1723 (diff) | |
download | guix-580deec5b44d623e994e59ef07e9e0c5496762fd.tar guix-580deec5b44d623e994e59ef07e9e0c5496762fd.tar.gz |
download: Protect against dangling symlinks in $SSL_CERT_DIR.
Reported by Christopher Baines <mail@cbaines.net>
in <https://bugs.gnu.org/25213>.
* guix/build/download.scm (make-credendials-with-ca-trust-files): Check
whether FILE exists before calling
'set-certificate-credentials-x509-trust-file!'.
-rw-r--r-- | guix/build/download.scm | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm index 8e32b3d7ff..203338b527 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -289,9 +289,12 @@ DIRECTORY. Those authority certificates are checked when (string-suffix? ".pem" file))) '()))) (for-each (lambda (file) - (set-certificate-credentials-x509-trust-file! - cred (string-append directory "/" file) - x509-certificate-format/pem)) + (let ((file (string-append directory "/" file))) + ;; Protect against dangling symlinks. + (when (file-exists? file) + (set-certificate-credentials-x509-trust-file! + cred file + x509-certificate-format/pem)))) (or files '())) cred)) |