authorDavid Kalnischkies <david@kalnischkies.de>2016-12-16 19:50:48 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-12-31 02:29:19 +0100
commit6376dfb8dfb99b9d182c2fb13aa34b2ac89805e3 (patch)
treed22e9bdf482821c1e1496f27e3ff28735eff07e7 /apt-pkg
parent4ce2f35248123ff2366c8c365ad6a94945578d66 (diff)
warn if clearsigned file has ignored content parts
Clearsigned files like InRelease, .dsc, .changes and co can potentially include unsigned or additional message blocks which are ignored by gpg in verification, but are a potential source of trouble in our own parsing attempts – and an unneeded risk, as the use cases for the clearsigned files we deal with do not reasonably include unsigned parts (like emails or some such). This commit changes the silent ignoring to warnings for now to get an impression of how widespread unintended unsigned parts are, but eventually we want to turn these into hard errors.
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/gpgv.cc19
1 files changed, 17 insertions, 2 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index b6c4b6e08..0878a7ffb 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -145,7 +145,6 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
enum { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED;
- std::vector<std::string> dataHeader;
char * sig = NULL;
char * data = NULL;
char * conf = nullptr;
@@ -204,7 +203,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
message.OpenDescriptor(dataFd, FileFd::WriteOnly, true);
if (signature.Failed() == true || message.Failed() == true ||
- SplitClearSignedFile(File, &message, &dataHeader, &signature) == false)
+ SplitClearSignedFile(File, &message, nullptr, &signature) == false)
{
apt_error(std::cerr, statusfd, fd, "Splitting up %s into data and signature failed", File.c_str());
local_exit(112);
@@ -313,6 +312,8 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
bool skip_until_empty_line = false;
bool found_signature = false;
bool first_line = true;
+ bool signed_message_not_on_first_line = false;
+ bool found_garbage = false;
char *buf = NULL;
size_t buf_size = 0;
@@ -327,6 +328,8 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
found_message_start = true;
skip_until_empty_line = true;
}
+ else
+ signed_message_not_on_first_line = found_garbage = true;
}
else if (skip_until_empty_line == true)
{
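Review bot: The added `else` in the message-start check sets both flags for every line read before the BEGIN marker, which would include blank or whitespace-only lines if the buffer is empty at that point. The same holds for the final `else found_garbage = true;` at the end of the loop, whose own comment lists whitespace among the leftovers. As the commit wants to measure how widespread unsigned parts are before making them hard errors, counting empty lines would inflate that measurement; consider guarding both assignments with `if (buf[0] != '\0')`, or add a comment stating that blank lines count on purpose. Whether the line is stripped before these checks is decided above the hunk, so this needs confirming against the loop head.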
@@ -364,6 +367,8 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
if (ContentFile != NULL)
ContentFile->Write(dashfree, strlen(dashfree));
}
+ else
+ found_garbage = true;
}
else if (found_signature == true)
{
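Review bot: The `else found_garbage = true;` added after the content-writing block pairs with a condition that lies above this hunk, so its reachability cannot be confirmed from the visible lines. If that condition re-tests the same flag as the enclosing branch, the assignment is dead code and gives a false impression that lines in this state are being tracked. Either drop it or add a one-line comment naming the input that reaches it, e.g. `// reached when <state>: line is neither signature start nor message body`.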
@@ -376,6 +381,8 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
found_signature = false; // look for other signatures
}
// all the rest is whitespace, unsigned garbage or additional message blocks we ignore
+ else
+ found_garbage = true;
}
fclose(in);
if (buf != NULL)
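Review bot: The comment above the final `else` still says the remaining lines are ones "we ignore", but the new branch records them in `found_garbage` and they now produce a warning after the loop. It also sits between the closing brace and the `else`, which makes it read as belonging to the signature branch. Move it inside the new branch and reword it, for example `// whitespace, unsigned garbage or additional message blocks: never copied out, but reported after the loop`.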
@@ -387,6 +394,14 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
if (ContentFile != nullptr)
ContentFile->Flush();
+ if (found_message_start)
+ {
+ if (signed_message_not_on_first_line)
+ _error->Warning("Clearsigned file '%s' does not start with a signed message block.", InFile.c_str());
+ else if (found_garbage)
+ _error->Warning("Clearsigned file '%s' contains unsigned lines.", InFile.c_str());
+ }
+
// An error occured during reading - propagate it up
bool const hasErrored = _error->PendingError();
_error->MergeWithStack();
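Review bot: These warnings are pushed onto the `_error` stack, whereas the ExecGPGV caller touched by this commit reports its failures with `apt_error(std::cerr, statusfd, fd, ...)` followed by `local_exit`. On that path the new warnings may never reach the user unless the stack is dumped somewhere not visible here, so that should be checked before relying on them to gauge how common unsigned parts are. Separately, the `else if` means a file with both leading and trailing unsigned lines reports only the first condition; a short comment such as `// leading garbage also sets found_garbage, so emit only the more specific message` would make that intent explicit. The function body continues past the hunk.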