pkg/asset/ignition/bootstrap: exit loop if pem.Decode() fails

https://bugzilla.redhat.com/show_bug.cgi?id=1891702
openshift · Oct 28, 2020 · a676b27 · a676b27
1 parent 879e9bb
commit a676b27
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
@@ -579,23 +579,22 @@ func warnIfCertificatesExpired(config *igntypes.Config) {
 			data := decoded.Data
 			for {
 				block, rest := pem.Decode(data)
-				if block != nil {
-					cert, err := x509.ParseCertificate(block.Bytes)
-					if err == nil {
-						if time.Now().UTC().After(cert.NotAfter) {
-							logrus.Warnf("Bootstrap Ignition-Config Certificate %s expired at %s.", path.Base(file.Path), cert.NotAfter.Format(time.RFC3339))
-							expiredCerts++
-						}
-					} else {
-						logrus.Debugf("Unable to parse certificate %s: %s", fileName, err.Error())
-						break
-					}
+				if block == nil {
+					break
 				}
-				if len(rest) > 0 {
-					data = rest
+
+				cert, err := x509.ParseCertificate(block.Bytes)
+				if err == nil {
+					if time.Now().UTC().After(cert.NotAfter) {
+						logrus.Warnf("Bootstrap Ignition-Config Certificate %s expired at %s.", path.Base(file.Path), cert.NotAfter.Format(time.RFC3339))
+						expiredCerts++
+					}
 				} else {
+					logrus.Debugf("Unable to parse certificate %s: %s", fileName, err.Error())
 					break
 				}
+
+				data = rest
 			}
 		}
 	}