authorLudovic Courtès <ludo@gnu.org>2016-12-16 18:00:01 +0100
committerLudovic Courtès <ludo@gnu.org>2016-12-16 18:00:01 +0100
commit580deec5b44d623e994e59ef07e9e0c5496762fd (patch)
treed59a573d6c95f6993f58f8b26a9708088459322c
parent99ec0cb397453802788e7095724dcfbca3ca1723 (diff)
download: Protect against dangling symlinks in $SSL_CERT_DIR.
Reported by Christopher Baines <mail@cbaines.net> in <https://bugs.gnu.org/25213>. * guix/build/download.scm (make-credendials-with-ca-trust-files): Check whether FILE exists before calling 'set-certificate-credentials-x509-trust-file!'.
-rw-r--r--guix/build/download.scm9
1 files changed, 6 insertions, 3 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 8e32b3d7ff..203338b527 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -289,9 +289,12 @@ DIRECTORY. Those authority certificates are checked when
(string-suffix? ".pem" file)))
'())))
(for-each (lambda (file)
- (set-certificate-credentials-x509-trust-file!
- cred (string-append directory "/" file)
- x509-certificate-format/pem))
+ (let ((file (string-append directory "/" file)))
+ ;; Protect against dangling symlinks.
+ (when (file-exists? file)
+ (set-certificate-credentials-x509-trust-file!
+ cred file
+ x509-certificate-format/pem))))
(or files '()))
cred))
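Review bot: The added `(when (file-exists? file) ...)` guard skips a certificate file without any trace, so a `$SSL_CERT_DIR` made up entirely of dangling symlinks yields credentials with no trust anchors, and the user only sees a later verification failure. That fails closed, which is the safe direction, but it deserves a comment such as `;; Skipping only shrinks the trust set; verification then fails closed.` A warning on the error port would also help, for example `(format (current-error-port) "warning: skipping missing certificate file ~a~%" file)` in an else branch. The check covers only the missing-target case: a file that is unreadable, not valid PEM, or removed between the check and the load would presumably still make `set-certificate-credentials-x509-trust-file!` raise, so wrapping the call in a handler may be the more complete guard. The enclosing procedure starts outside this hunk, so how the caller treats an error is not visible here.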