summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/srvrec.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-12-05 23:01:25 +0100
committerJulian Andres Klode <jak@debian.org>2016-12-08 15:27:57 +0100
commit0bbbabb1b961b3b6541e7fdc8061fe6f282eafad (patch)
tree4cf88748dbcf2c210b60ec1631372f7ba2622290 /apt-pkg/contrib/srvrec.cc
parent2234ff7c2b143046fd196f544ca4baccc7e2b2ec (diff)
SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
This fixes a security issue where signatures of the InRelease files could be circumvented in a man-in-the-middle attack, giving attackers the ability to serve any packages they want to a system, in turn giving them root access. It turns out that getline() may not only return EINVAL as stated in the documentation - it might also return in case of an error when allocating memory. This fix not only adds a check that reading worked correctly, it also implicitly checks that all writes worked by reporting any other error that occurred inside the loop and was logged by apt. Affected: >= 0.9.8 Reported-By: Jann Horn <jannh@google.com> Thanks: Jann Horn, Google Project Zero for reporting the issue LP: #1647467 (cherry picked from commit 51be550c5c38a2e1ddfc2af50a9fab73ccf78026) (cherry picked from commit 4ef9e0837ce139b398299431ae2294882f531d8e)
Diffstat (limited to 'apt-pkg/contrib/srvrec.cc')
0 files changed, 0 insertions, 0 deletions