p11-kit/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch

From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 25 Dec 2018 07:32:01 +0100
Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file

If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.
---
 trust/module.c | 11 ++++++++---
 trust/token.c  |  6 +++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/trust/module.c b/trust/module.c
index 0c16a39..1722340 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
 				indices[n++] = session->index;
 			if (want_token_objects) {
 				if (!session->loaded)
-					p11_token_load (session->token);
-				session->loaded = CK_TRUE;
-				indices[n++] = p11_token_index (session->token);
+					if (p11_token_load (session->token) < 0)
+						rv = CKR_FUNCTION_FAILED;
+				if (rv == CKR_OK) {
+					session->loaded = CK_TRUE;
+					indices[n++] = p11_token_index (session->token);
+				}
 			}
+		}
 
+		if (rv == CKR_OK) {
 			find = calloc (1, sizeof (FindObjects));
 			warn_if_fail (find != NULL);
 
diff --git a/trust/token.c b/trust/token.c
index fd3b043..030c17b 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
 	default:
 		p11_debug ("failed to parse: %s", filename);
 		loader_gone_file (token, filename);
-		return 0;
+		return -1;
 	}
 
 	/* Update each parsed object with the origin */
 	parsed = p11_parser_parsed (token->parser);
 	for (i = 0; i < parsed->num; i++) {
 		parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
-		return_val_if_fail (parsed->elem[i] != NULL, 0);
+		return_val_if_fail (parsed->elem[i] != NULL, -1);
 	}
 
 	p11_index_load (token->index);
@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
 
 	if (rv != CKR_OK) {
 		p11_message ("couldn't load file into objects: %s", filename);
-		return 0;
+		return -1;
 	}
 
 	loader_was_loaded (token, filename, sb);
-- 
2.19.1