summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2019-03-04 13:17:00 +0000
committerJulian Andres Klode <jak@debian.org>2019-03-04 13:17:00 +0000
commit6f0b5269896c04f4afb6a74ce0c3e76bfe51e2d3 (patch)
tree45aeed4ec6433b8cc20641017c06fc3d940427f3 /apt-pkg
parentc3005277c395c7bcb81f470e3e0466e2fd3ab38e (diff)
parent3e3638dc9389591cfd30baa6c41d85c31127402a (diff)
Merge branch 'bugfix/reportbinarysig' into '1.8.y'
Add explicit message for unsupported binary signature See merge request apt-team/apt!52
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/gpgv.cc18
1 files changed, 16 insertions, 2 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 35d859849..d956eaf00 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -297,10 +297,24 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
if (found_signatures == 0 && statusfd != -1)
{
- // This is not an attack attempt but a file even gpgv would complain about
- // likely the result of a paywall which is covered by the gpgv method
auto const errtag = "[GNUPG:] NODATA\n";
FileFd::Write(fd[1], errtag, strlen(errtag));
+ // guess if this is a binary signature, we never officially supported them,
+ // but silently accepted them via passing them unchecked to gpgv
+ if (found_badcontent)
+ {
+ rewind(detached.get());
+ auto ptag = fgetc(detached.get());
+ // ยง4.2 says that the first bit is always set and gpg seems to generate
+ // only old format which is indicated by the second bit not set
+ if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)
+ {
+ apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str());
+ local_exit(112);
+ }
+ }
+ // This is not an attack attempt but a file even gpgv would complain about
+ // likely the result of a paywall which is covered by the gpgv method
local_exit(113);
}
else if (found_badcontent)