-
由 Eric Biggers 提交于
pkcs7_validate_trust_one() used 'x509->next == x509' to identify a self-signed certificate. That's wrong; ->next is simply the link in the linked list of certificates in the PKCS#7 message. It should be checking ->signer instead. Fix it. Fortunately this didn't actually matter because when we re-visited 'x509' on the next iteration via 'x509->signer', it was already seen and not verified, so we returned -ENOKEY anyway. Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NJames Morris <james.l.morris@oracle.com>
7204eb85