summaryrefslogtreecommitdiff
path: root/test/integration/test-apt-key-net-update
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2012-06-14 16:18:20 +0200
committerMichael Vogt <michael.vogt@ubuntu.com>2012-06-14 16:18:20 +0200
commit33e4d8b32a0baef91342527cce16cd47bcb1ee60 (patch)
tree5df31fd024bdbbf796852ca52df4bd71a8f71cd0 /test/integration/test-apt-key-net-update
parenta423a554a821466eeea6865b1e226d8074c2abe6 (diff)
add extra paranoia against subkey attacks (and a regression test), LP: #1013128, thanks to jdstrand and mdeslaur and Geori Guinski
Diffstat (limited to 'test/integration/test-apt-key-net-update')
-rwxr-xr-xtest/integration/test-apt-key-net-update21
1 files changed, 21 insertions, 0 deletions
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 452766b4d..d5205836f 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -49,6 +49,26 @@ else
msgpass
fi
+
+# test another possible attack vector using subkeys (LP: #1013128)
+msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
# test good keyring and ensure we get no errors
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
@@ -72,3 +92,4 @@ uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubun
pub 4096R/EFE21092 2012-05-11
uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
' $GPG --list-keys
+