diff options
| author | David Kalnischkies <kalnischkies@gmail.com> | 2010-06-09 10:52:45 +0200 |
|---|---|---|
| committer | David Kalnischkies <kalnischkies@gmail.com> | 2010-06-09 10:52:45 +0200 |
| commit | 308b793694774eece8765d172b8e989d8ed29925 (patch) | |
| tree | bad798009c7f2b857c060e299294f63eabc3b20f /apt-pkg/indexrecords.cc | |
| parent | 1aa9b2974d33015102224ffb738b2e8e0a4bcb42 (diff) | |
| parent | b02fffa64833e1f8e2617669d89de0a6d0882747 (diff) | |
- backport forgotten Valid-Until patch from the obsolete experimental
branch to prevent replay attacks better, thanks to Thomas Viehmann
for the initial patch! (Closes: #499897)
* doc/apt.conf.5.xml:
- document the new Valid-Until related options
* apt-pkg/contrib/strutl.cc:
- split StrToTime() into HTTP1.1 and FTP date parser methods and
use strptime() instead of some self-made scanf mangling
- use the portable timegm shown in his manpage instead of a strange
looking code copycat from wget
* ftparchive/writer.cc:
- add ValidTime option to generate a Valid-Until header in Release file
Diffstat (limited to 'apt-pkg/indexrecords.cc')
| -rw-r--r-- | apt-pkg/indexrecords.cc | 45 |
1 files changed, 42 insertions, 3 deletions
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 9a9600531..eb9a36866 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -7,8 +7,11 @@ #include <apt-pkg/tagfile.h> #include <apt-pkg/error.h> #include <apt-pkg/strutl.h> +#include <apt-pkg/configuration.h> #include <apti18n.h> #include <sys/stat.h> +#include <clocale> + /*}}}*/ string indexRecords::GetDist() const { @@ -26,6 +29,11 @@ string indexRecords::GetExpectedDist() const return this->ExpectedDist; } +time_t indexRecords::GetValidUntil() const +{ + return this->ValidUntil; +} + const indexRecords::checkSum *indexRecords::Lookup(const string MetaKey) { return Entries[MetaKey]; @@ -85,9 +93,40 @@ bool indexRecords::Load(const string Filename) /*{{{*/ { strprintf(ErrorText, _("No Hash entry in Release file %s"), Filename.c_str()); return false; - } + } + + string Label = Section.FindS("Label"); + string StrDate = Section.FindS("Date"); + string StrValidUntil = Section.FindS("Valid-Until"); + + // if we have a Valid-Until header in the Release file, use it as default + if (StrValidUntil.empty() == false) + { + if(RFC1123StrToTime(StrValidUntil.c_str(), ValidUntil) == false) + { + strprintf(ErrorText, _("Invalid 'Valid-Until' entry in Release file %s"), Filename.c_str()); + return false; + } + } + // get the user settings for this archive and use what expires earlier + int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0); + if (Label.empty() == true) + MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge); + + if(MaxAge == 0) // No user settings, use the one from the Release file + return true; + + time_t date; + if (RFC1123StrToTime(StrDate.c_str(), date) == false) + { + strprintf(ErrorText, _("Invalid 'Date' entry in Release file %s"), Filename.c_str()); + return false; + } + date += 24*60*60*MaxAge; + + if (ValidUntil == 0 || ValidUntil > date) + ValidUntil = date; - string Strdate = Section.FindS("Date"); // FIXME: verify this somehow? return true; } /*}}}*/ @@ -165,6 +204,6 @@ indexRecords::indexRecords() } indexRecords::indexRecords(const string ExpectedDist) : - ExpectedDist(ExpectedDist) + ExpectedDist(ExpectedDist), ValidUntil(0) { } |