From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 6 Nov 2024 17:05:54 +0000 (+0100)
Subject: bootctl: Validate private key path
X-Git-Tag: v257-rc2~60^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4047b99c00eb9f5cdf2b6d1a6eb8b1a516421e07;p=thirdparty%2Fsystemd.git

bootctl: Validate private key path
---

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index a9e2eea4869..ebbdab0ce8a 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -960,6 +960,12 @@ int verb_install(int argc, char *argv[], void *userdata) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
 
+                if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+                        r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
+                }
+
                 r = openssl_load_private_key(
                                 arg_private_key_source_type,
                                 arg_private_key_source,