p11-kit/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch

From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 25 Dec 2018 07:32:01 +0100
Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file

If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.
---
 trust/module.c | 11 ++++++++---
 trust/token.c  |  6 +++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/trust/module.c b/trust/module.c
index 0c16a39..1722340 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
 				indices[n++] = session->index;
 			if (want_token_objects) {
 				if (!session->loaded)
-					p11_token_load (session->token);
-				session->loaded = CK_TRUE;
-				indices[n++] = p11_token_index (session->token);
+					if (p11_token_load (session->token) < 0)
+						rv = CKR_FUNCTION_FAILED;
+				if (rv == CKR_OK) {
+					session->loaded = CK_TRUE;
+					indices[n++] = p11_token_index (session->token);
+				}
 			}
+		}
 
+		if (rv == CKR_OK) {
 			find = calloc (1, sizeof (FindObjects));
 			warn_if_fail (find != NULL);
 
diff --git a/trust/token.c b/trust/token.c
index fd3b043..030c17b 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
 	default:
 		p11_debug ("failed to parse: %s", filename);
 		loader_gone_file (token, filename);
-		return 0;
+		return -1;
 	}
 
 	/* Update each parsed object with the origin */
 	parsed = p11_parser_parsed (token->parser);
 	for (i = 0; i < parsed->num; i++) {
 		parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
-		return_val_if_fail (parsed->elem[i] != NULL, 0);
+		return_val_if_fail (parsed->elem[i] != NULL, -1);
 	}
 
 	p11_index_load (token->index);
@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
 
 	if (rv != CKR_OK) {
 		p11_message ("couldn't load file into objects: %s", filename);
-		return 0;
+		return -1;
 	}
 
 	loader_was_loaded (token, filename, sb);
-- 
2.19.1
Package init 2019-09-30 11:11:11 -04:00			`From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001`
			`From: Daiki Ueno <dueno@redhat.com>`
			`Date: Tue, 25 Dec 2018 07:32:01 +0100`
			`Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file`

			`If the trust path is a file, treat parse error as fatal and abort the`
			`C_FindObjectsInit call.`
			`---`
			`trust/module.c \| 11 ++++++++---`
			`trust/token.c \| 6 +++---`
			`2 files changed, 11 insertions(+), 6 deletions(-)`

			`diff --git a/trust/module.c b/trust/module.c`
			`index 0c16a39..1722340 100644`
			`--- a/trust/module.c`
			`+++ b/trust/module.c`
			`@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,`
			`indices[n++] = session->index;`
			`if (want_token_objects) {`
			`if (!session->loaded)`
			`- p11_token_load (session->token);`
			`- session->loaded = CK_TRUE;`
			`- indices[n++] = p11_token_index (session->token);`
			`+ if (p11_token_load (session->token) < 0)`
			`+ rv = CKR_FUNCTION_FAILED;`
			`+ if (rv == CKR_OK) {`
			`+ session->loaded = CK_TRUE;`
			`+ indices[n++] = p11_token_index (session->token);`
			`+ }`
			`}`
			`+ }`

			`+ if (rv == CKR_OK) {`
			`find = calloc (1, sizeof (FindObjects));`
			`warn_if_fail (find != NULL);`

			`diff --git a/trust/token.c b/trust/token.c`
			`index fd3b043..030c17b 100644`
			`--- a/trust/token.c`
			`+++ b/trust/token.c`
			`@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,`
			`default:`
			`p11_debug ("failed to parse: %s", filename);`
			`loader_gone_file (token, filename);`
			`- return 0;`
			`+ return -1;`
			`}`

			`/* Update each parsed object with the origin */`
			`parsed = p11_parser_parsed (token->parser);`
			`for (i = 0; i < parsed->num; i++) {`
			`parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);`
			`- return_val_if_fail (parsed->elem[i] != NULL, 0);`
			`+ return_val_if_fail (parsed->elem[i] != NULL, -1);`
			`}`

			`p11_index_load (token->index);`
			`@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,`

			`if (rv != CKR_OK) {`
			`p11_message ("couldn't load file into objects: %s", filename);`
			`- return 0;`
			`+ return -1;`
			`}`

			`loader_was_loaded (token, filename, sb);`
			`--`
			`2.19.1`