From 580deec5b44d623e994e59ef07e9e0c5496762fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Fri, 16 Dec 2016 18:00:01 +0100
Subject: [PATCH] download: Protect against dangling symlinks in $SSL_CERT_DIR.

Reported by Christopher Baines <mail@cbaines.net>
in <https://bugs.gnu.org/25213>.

* guix/build/download.scm (make-credendials-with-ca-trust-files): Check
whether FILE exists before calling
'set-certificate-credentials-x509-trust-file!'.
---
 guix/build/download.scm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 8e32b3d7ff..203338b527 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -289,9 +289,12 @@ DIRECTORY.  Those authority certificates are checked when
                               (string-suffix? ".pem" file)))
                    '())))
     (for-each (lambda (file)
-                (set-certificate-credentials-x509-trust-file!
-                 cred (string-append directory "/" file)
-                 x509-certificate-format/pem))
+                (let ((file (string-append directory "/" file)))
+                  ;; Protect against dangling symlinks.
+                  (when (file-exists? file)
+                    (set-certificate-credentials-x509-trust-file!
+                     cred file
+                     x509-certificate-format/pem))))
               (or files '()))
     cred))