diff options
| -rw-r--r-- | apt-pkg/contrib/gpgv.cc | 18 | ||||
| -rwxr-xr-x | test/integration/test-bug-921685-binary-detached-signature | 22 |
2 files changed, 38 insertions, 2 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index 35d859849..d956eaf00 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -297,10 +297,24 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, } if (found_signatures == 0 && statusfd != -1) { - // This is not an attack attempt but a file even gpgv would complain about - // likely the result of a paywall which is covered by the gpgv method auto const errtag = "[GNUPG:] NODATA\n"; FileFd::Write(fd[1], errtag, strlen(errtag)); + // guess if this is a binary signature, we never officially supported them, + // but silently accepted them via passing them unchecked to gpgv + if (found_badcontent) + { + rewind(detached.get()); + auto ptag = fgetc(detached.get()); + // ยง4.2 says that the first bit is always set and gpg seems to generate + // only old format which is indicated by the second bit not set + if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0) + { + apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str()); + local_exit(112); + } + } + // This is not an attack attempt but a file even gpgv would complain about + // likely the result of a paywall which is covered by the gpgv method local_exit(113); } else if (found_badcontent) diff --git a/test/integration/test-bug-921685-binary-detached-signature b/test/integration/test-bug-921685-binary-detached-signature new file mode 100755 index 000000000..df863197a --- /dev/null +++ b/test/integration/test-bug-921685-binary-detached-signature @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +insertpackage 'unstable' 'foo' 'all' '1' + +buildaptarchive +setupdistsaptarchive + +for RELEASE in $(find aptarchive -name 'Release'); do + # note the missing --armor + dosigning "keys/joesixpack" --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" +done + +testfailure apt show foo +testfailure aptget update +testsuccess grep 'W: .* Detached signature file .* is in unsupported binary format' rootdir/tmp/testfailure.output +testfailure apt show foo |