From 5bfb9367ea8ff9be8bcc20308608bc78e20506de Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@gmail.com>
Date: Tue, 3 May 2022 17:54:00 +0800
Subject: [PATCH] chore(tls): guard empty pem/path string

---
 apps/emqx/src/emqx_tls_lib.erl        |  1 +
 apps/emqx/test/emqx_tls_lib_tests.erl | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/apps/emqx/src/emqx_tls_lib.erl b/apps/emqx/src/emqx_tls_lib.erl
index 27373eb7c..4250ff430 100644
--- a/apps/emqx/src/emqx_tls_lib.erl
+++ b/apps/emqx/src/emqx_tls_lib.erl
@@ -368,6 +368,7 @@ do_ensure_ssl_file(Dir, Key, SSL, MaybePem, DryRun) ->
             end
     end.
 
+is_valid_string(Empty) when Empty == <<>>; Empty == "" -> false;
 is_valid_string(String) when is_list(String) ->
     io_lib:printable_unicode_list(String);
 is_valid_string(Binary) when is_binary(Binary) ->
diff --git a/apps/emqx/test/emqx_tls_lib_tests.erl b/apps/emqx/test/emqx_tls_lib_tests.erl
index 93a105ea3..22c480637 100644
--- a/apps/emqx/test/emqx_tls_lib_tests.erl
+++ b/apps/emqx/test/emqx_tls_lib_tests.erl
@@ -104,6 +104,17 @@ ssl_files_failure_test_() ->
             )
         end},
         {"bad_pem_string", fun() ->
+            %% empty string
+            ?assertMatch(
+                {error, #{
+                    reason := invalid_file_path_or_pem_string, which_options := [<<"keyfile">>]
+                }},
+                emqx_tls_lib:ensure_ssl_files("/tmp", #{
+                    <<"keyfile">> => <<>>,
+                    <<"certfile">> => bin(test_key()),
+                    <<"cacertfile">> => bin(test_key())
+                })
+            ),
             %% not valid unicode
             ?assertMatch(
                 {error, #{