From 805f3b73dc0dd8aa2ff69b00fa0bed2c2d71b572 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 21 Aug 2022 00:44:35 +0100
Subject: [PATCH] sign-req: Enforce X509-type files exist and are used. (#581)
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 684c846..c1aa3fe 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1560,6 +1560,8 @@ expected 2, got $# (see command help for usage)"
 # Cert type must exist under the EASYRSA_EXT_DIR
 [ -e "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
 Unknown cert type '$crt_type'"
+ [ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
+Missing cert type 'COMMON'"
 # Cert type must NOT be COMMON
 [ "$crt_type" != COMMON ] || die "\
@@ -1629,8 +1631,10 @@ $(display_dn req "$req_in")
 ext_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
 {
 # Append first any COMMON file (if present) then the cert-type extensions
- cat "$EASYRSA_EXT_DIR/COMMON"
- cat "$EASYRSA_EXT_DIR/$crt_type"
+ cat "$EASYRSA_EXT_DIR/COMMON" || \
+ die "Failed to read X509-type COMMON"
+ cat "$EASYRSA_EXT_DIR/$crt_type" || \
+ die "Failed to read X509-type $crt_type"
 # Support a dynamic CA path length when present:
 [ "$crt_type" = "ca" ] && [ "$EASYRSA_SUBCA_LEN" ] && \
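Review bot: In the first hunk the added guard `[ -e "$EASYRSA_EXT_DIR/COMMON" ]` only tests that the path exists, so a directory named COMMON still passes and the failure is deferred to the `cat` in the second hunk. Since these files supply the X.509 extensions written into the signed certificate, checking for a regular file up front fails earlier and more clearly: `[ -f "$EASYRSA_EXT_DIR/COMMON" ] || die "\`. The message `Missing cert type 'COMMON'` is also misleading, because the next check rejects COMMON as a cert type; something like `Missing X509-type file: $EASYRSA_EXT_DIR/COMMON` would say which file to restore. The context-line test for `$crt_type` uses the same `-e`, and the enclosing function starts and ends outside the hunk.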