In fully self-contained deployments it may be desirable to build iPXE with an empty CROSSCERT source to avoid talking to external services. This commit adds an explicit check for such a case and makes validator_start_download fail immediately if the base URI is empty.
Signed-off-by: Ladi Prosek <lpro...@redhat.com> --- src/net/validator.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/net/validator.c b/src/net/validator.c index 52845b6e..069ba0c8 100644 --- a/src/net/validator.c +++ b/src/net/validator.c @@ -240,6 +240,11 @@ static int validator_start_download ( struct validator *validator, fetch_string_setting_copy ( NULL, &crosscert_setting, &crosscert_copy ); crosscert = ( crosscert_copy ? crosscert_copy : crosscert_default ); + if ( ! *crosscert ) { + rc = -EINVAL; + goto err_check_uri_string; + } + /* Allocate URI string */ uri_string_len = ( strlen ( crosscert ) + 22 /* "/%08x.der?subject=" */ + base64_encoded_len ( issuer->len ) + 1 /* NUL */ ); @@ -276,6 +281,7 @@ static int validator_start_download ( struct validator *validator, err_open_uri_string: free ( uri_string ); + err_check_uri_string: err_alloc_uri_string: free ( crosscert_copy ); return rc; -- 2.13.5 _______________________________________________ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel