diff options
author | David Kalnischkies <kalnischkies@gmail.com> | 2011-06-06 21:29:16 +0200 |
---|---|---|
committer | David Kalnischkies <kalnischkies@gmail.com> | 2011-06-06 21:29:16 +0200 |
commit | 2e3c9d6452e69dcb5c83732fbda27b747bc997f4 (patch) | |
tree | bc5e845c507f605f956964e45519ed4e73d7d341 /methods/gpgv.cc | |
parent | 89a1aa5dd55a3469c92720c7fcb90779f90b61f0 (diff) |
* apt-pkg/indexcopy.cc:
- Verify that the first line of an InRelease file is a PGP header
for a signed message. Otherwise a man-in-the-middle can prefix
a valid InRelease file with his own data! (CVE-2011-1829)
Diffstat (limited to 'methods/gpgv.cc')
-rw-r--r-- | methods/gpgv.cc | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index efe1f73f7..960c06180 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -65,13 +65,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, return string("Couldn't spawn new process") + strerror(errno); else if (pid == 0) { - if (SigVerify::RunGPGV(outfile, file, 3, fd) == false) + _error->PushToStack(); + bool const success = SigVerify::RunGPGV(outfile, file, 3, fd); + if (success == false) { - // TRANSLATOR: %s is the trusted keyring parts directory - ioprintf(ret, _("No keyring installed in %s."), - _config->FindDir("Dir::Etc::TrustedParts").c_str()); - return ret.str(); + string errmsg; + _error->PopMessage(errmsg); + _error->RevertToStack(); + return errmsg; } + _error->RevertToStack(); exit(111); } close(fd[1]); |