show a more descriptive error for weak Release files

If we can't work with the hashes we parsed from the Release file we display now an error message if the Release file includes only weak hashes instead of downloading the indexes and failing to verify them with "Hash Sum mismatch" even through the hashes didn't mismatch (they were just weak). If for some (unlikely) reason we have got weak hashes only for individual targets we will show a warning to this effect (again, befor downloading and failing the index itself). Closes: 806459
author: David Kalnischkies <david@kalnischkies.de> 2015-12-14 02:18:25 +0100
committer: David Kalnischkies <david@kalnischkies.de> 2015-12-14 02:26:23 +0100
commit: bd4a8f51649ee37291c6e07310104a94f4f5fbed (patch)
tree: 6ec200a62164dd318cc675a180cfb11c0e7d5c60 /apt-pkg/deb/debmetaindex.cc
parent: 8deda84ed86bae6bfa83f5c25d15fd4611c637c0 (diff)
1 files changed, 15 insertions, 4 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 930286a41..c8026aedf 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -348,9 +348,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
    }
 
    bool FoundHashSum = false;
-   for (int i=0;HashString::SupportedHashes()[i] != NULL; i++)
+   bool FoundStrongHashSum = false;
+   auto const SupportedHashes = HashString::SupportedHashes();
+   for (int i=0; SupportedHashes[i] != NULL; i++)
    {
-      if (!Section.Find(HashString::SupportedHashes()[i], Start, End))
+      if (!Section.Find(SupportedHashes[i], Start, End))
 	 continue;
 
       std::string Name;
@@ -361,17 +363,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 	 if (!parseSumData(Start, End, Name, Hash, Size))
 	    return false;
 
+	 HashString const hs(SupportedHashes[i], Hash);
          if (Entries.find(Name) == Entries.end())
          {
             metaIndex::checkSum *Sum = new metaIndex::checkSum;
             Sum->MetaKeyFilename = Name;
             Sum->Size = Size;
 	    Sum->Hashes.FileSize(Size);
-            APT_IGNORE_DEPRECATED(Sum->Hash = HashString(HashString::SupportedHashes()[i],Hash);)
+            APT_IGNORE_DEPRECATED(Sum->Hash = hs;)
             Entries[Name] = Sum;
          }
-         Entries[Name]->Hashes.push_back(HashString(HashString::SupportedHashes()[i],Hash));
+         Entries[Name]->Hashes.push_back(hs);
          FoundHashSum = true;
+	 if (FoundStrongHashSum == false && hs.usable() == true)
+	    FoundStrongHashSum = true;
       }
    }
 
@@ -381,6 +386,12 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 	 strprintf(*ErrorText, _("No Hash entry in Release file %s"), Filename.c_str());
       return false;
    }
+   if(FoundStrongHashSum == false)
+   {
+      if (ErrorText != NULL)
+	 strprintf(*ErrorText, _("No Hash entry in Release file %s, which is considered strong enough for security purposes"), Filename.c_str());
+      return false;
+   }
 
    std::string const StrDate = Section.FindS("Date");
    if (RFC1123StrToTime(StrDate.c_str(), Date) == false)
author	David Kalnischkies <david@kalnischkies.de>	2015-12-14 02:18:25 +0100
committer	David Kalnischkies <david@kalnischkies.de>	2015-12-14 02:26:23 +0100
commit	bd4a8f51649ee37291c6e07310104a94f4f5fbed (patch)
tree	6ec200a62164dd318cc675a180cfb11c0e7d5c60 /apt-pkg/deb/debmetaindex.cc
parent	8deda84ed86bae6bfa83f5c25d15fd4611c637c0 (diff)