cc67a2e864
- Add mokutil-check-corrupted-key-list.patch to check whether the key list is corrupted or not - Add mokutil-no-invalid-x509.patch to avoid importing an invalid x509 certificate OBS-URL: https://build.opensuse.org/request/show/229568 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=22
29 lines
888 B
Diff
29 lines
888 B
Diff
From 0806111a850304a0490376d568ea5bf74fcdbd04 Mon Sep 17 00:00:00 2001
|
|
From: Gary Ching-Pang Lin <glin@suse.com>
|
|
Date: Thu, 10 Apr 2014 12:37:54 +0800
|
|
Subject: [PATCH] Don't import an invalid x509 cert
|
|
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
---
|
|
src/mokutil.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/mokutil.c b/src/mokutil.c
|
|
index 6792823..cdb5739 100644
|
|
--- a/src/mokutil.c
|
|
+++ b/src/mokutil.c
|
|
@@ -1265,8 +1265,9 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
|
|
goto error;
|
|
}
|
|
if (!is_valid_cert (ptr, read_size)) {
|
|
- fprintf (stderr, "Warning!!! %s is not a valid x509 certificate in DER format\n",
|
|
+ fprintf (stderr, "Abort!!! %s is not a valid x509 certificate in DER format\n",
|
|
files[i]);
|
|
+ goto error;
|
|
}
|
|
|
|
if (is_valid_request (EfiCertX509Guid, ptr, sizes[i], req)) {
|
|
--
|
|
1.8.4.5
|
|
|