From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 25 Dec 2018 07:32:01 +0100
Subject: trust: Fail if trust anchors are not loaded from a file

If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.
---
 trust/module.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'trust/module.c')

diff --git a/trust/module.c b/trust/module.c
index 0c16a39..1722340 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
 				indices[n++] = session->index;
 			if (want_token_objects) {
 				if (!session->loaded)
-					p11_token_load (session->token);
-				session->loaded = CK_TRUE;
-				indices[n++] = p11_token_index (session->token);
+					if (p11_token_load (session->token) < 0)
+						rv = CKR_FUNCTION_FAILED;
+				if (rv == CKR_OK) {
+					session->loaded = CK_TRUE;
+					indices[n++] = p11_token_index (session->token);
+				}
 			}
+		}
 
+		if (rv == CKR_OK) {
 			find = calloc (1, sizeof (FindObjects));
 			warn_if_fail (find != NULL);
 
-- 
cgit v1.1