bootctl: Validate private key path

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index a9e2eea486948bde02c8f3ff1956b0a578c729cf..ebbdab0ce8a882eab43f6ff73664db94660a3b68 100644 (file)
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -960,6 +960,12 @@ int verb_install(int argc, char *argv[], void *userdata) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
 
+                if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+                        r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
+                }
+
                 r = openssl_load_private_key(
                                 arg_private_key_source_type,
                                 arg_private_key_source,