From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 31 Jul 2024 21:38:25 +0000 (+0200)
Subject: core/exec-credential: emit correct error on invalid cred source
X-Git-Tag: v257-rc1~740^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c00458e99df7c5e0a0b1e62dcaab8c90f6e4ed2;p=thirdparty%2Fsystemd.git

core/exec-credential: emit correct error on invalid cred source

The (!source && !search_path) branch is effectively not reached,
but rather confusing. Let's return -EINVAL properly.
---

diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index e06fc21c315..695c820f9c8 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -547,10 +547,10 @@ static int load_credential(
 
         ReadFullFileFlags flags = READ_FULL_FILE_SECURE|READ_FULL_FILE_FAIL_WHEN_LARGER;
         _cleanup_strv_free_ char **search_path = NULL;
-        _cleanup_(erase_and_freep) char *data = NULL;
         _cleanup_free_ char *bindname = NULL;
         const char *source = NULL;
-        bool missing_ok = true;
+        bool missing_ok;
+        _cleanup_(erase_and_freep) char *data = NULL;
         size_t size, maxsz;
         int r;
 
@@ -603,7 +603,7 @@ static int load_credential(
 
                 missing_ok = true;
         } else
-                source = NULL;
+                return -EINVAL;
 
         if (args->encrypted) {
                 flags |= READ_FULL_FILE_UNBASE64;
@@ -638,7 +638,7 @@ static int load_credential(
                                 bindname,
                                 &data, &size);
         else
-                r = -ENOENT;
+                assert_not_reached();
 
         if (r == -ENOENT && (missing_ok || hashmap_contains(args->context->set_credentials, id))) {
                 /* Make a missing inherited credential non-fatal, let's just continue. After all apps