summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xcmdline/apt-key14
-rw-r--r--test/integration/exploid-keyring-with-dupe-subkeys.pubbin0 -> 2016 bytes
-rwxr-xr-xtest/integration/test-apt-key-net-update21
3 files changed, 29 insertions, 6 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key
index dda3c1b43..6e85b7353 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -50,18 +50,20 @@ add_keys_with_verify_against_master_keyring() {
# all keys that are exported must have a valid signature
# from a key in the $distro-master-keyring
add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
+ all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5`
master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
-
- for add_key in $add_keys; do
- # ensure there are no colisions LP: #857472
+ # ensure there are no colisions LP: #857472
+ for all_add_key in $all_add_keys; do
for master_key in $master_keys; do
- if [ "$add_key" = "$master_key" ]; then
- echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
+ if [ "$all_add_key" = "$master_key" ]; then
+ echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted"
return 1
fi
done
-
+ done
+
+ for add_key in $add_keys; do
# export the add keyring one-by-one
rm -f $TMP_KEYRING
$GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key
diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub
new file mode 100644
index 000000000..02d4e6ee8
--- /dev/null
+++ b/test/integration/exploid-keyring-with-dupe-subkeys.pub
Binary files differ
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 452766b4d..d5205836f 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -49,6 +49,26 @@ else
msgpass
fi
+
+# test another possible attack vector using subkeys (LP: #1013128)
+msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
# test good keyring and ensure we get no errors
ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
@@ -72,3 +92,4 @@ uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubun
pub 4096R/EFE21092 2012-05-11
uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
' $GPG --list-keys
+