From 4047b99c00eb9f5cdf2b6d1a6eb8b1a516421e07 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 6 Nov 2024 18:05:54 +0100
Subject: [PATCH] bootctl: Validate private key path

---
 src/bootctl/bootctl-install.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index a9e2eea4869..ebbdab0ce8a 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -960,6 +960,12 @@ int verb_install(int argc, char *argv[], void *userdata) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
 
+                if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+                        r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
+                }
+
                 r = openssl_load_private_key(
                                 arg_private_key_source_type,
                                 arg_private_key_source,