diff options
| author | Michael Vogt <michael.vogt@ubuntu.com> | 2011-09-27 09:41:18 +0200 |
|---|---|---|
| committer | Michael Vogt <michael.vogt@ubuntu.com> | 2011-09-27 09:41:18 +0200 |
| commit | 7e6201fc0304bc1122bdef5884b741c42d097998 (patch) | |
| tree | 7b871a0d76ffb8bd62846fd22cee5eb64996a542 /cmdline/apt-key | |
| parent | b05401c0c26d60f08af1c48df89812f0e9c94bdb (diff) | |
fix apt-key net-update by erroring out if there are any duplicated keys in master-keyring and add-keyring (see lp #857472) and add regression test
Diffstat (limited to 'cmdline/apt-key')
| -rwxr-xr-x | cmdline/apt-key | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key index 4d2b7c49f..8a3f5ba54 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -50,6 +50,17 @@ add_keys_with_verify_against_master_keyring() { # from a key in the $distro-master-keyring add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` + # verify to ensure that there are no key id duplications that may be + # used to attack the system, see LP: #857472 + for add_key in $add_keys; do + for master_key in $master_keys; do + if [ "$add_key" = "$master_key" ]; then + echo >&2 "Keyid collision for '$add_key' detected, operation aborted" + return 1 + fi + done + done + # add all keys signed with any of the master key(s) for add_key in $add_keys; do ADDED=0 for master_key in $master_keys; do |