-rwxr-xr-x | cmdline/apt-key | 14 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | test/integration/exploid-keyring-with-dupe-subkeys.pub | bin | 0 -> 2016 bytes | |||
-rwxr-xr-x | test/integration/test-apt-key-net-update | 21 |
4 files changed, 36 insertions, 6 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key index dda3c1b43..6e85b7353 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -50,18 +50,20 @@ add_keys_with_verify_against_master_keyring() { # all keys that are exported must have a valid signature # from a key in the $distro-master-keyring add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` - - for add_key in $add_keys; do - # ensure there are no colisions LP: #857472 + # ensure there are no colisions LP: #857472 + for all_add_key in $all_add_keys; do for master_key in $master_keys; do - if [ "$add_key" = "$master_key" ]; then - echo >&2 "Keyid collision for '$add_key' detected, operation aborted" + if [ "$all_add_key" = "$master_key" ]; then + echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" return 1 fi done - + done + + for add_key in $add_keys; do # export the add keyring one-by-one rm -f $TMP_KEYRING $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key diff --git a/debian/changelog b/debian/changelog index 74eb09add..ec03e5a51 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +apt (0.9.6ubuntu2) quantal; urgency=low + + * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to + Marc Deslauriers. (LP: #1013128) + + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 14 Jun 2012 11:29:48 -0500 + apt (0.9.6ubuntu1) quantal; urgency=low [ Michael Vogt ] diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub Binary files differnew file mode 100644 index 000000000..02d4e6ee8 --- /dev/null +++ b/test/integration/exploid-keyring-with-dupe-subkeys.pub 
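Review bot: The new `grep ^[ps]ub` pattern on the `all_add_keys` line is unquoted, so the shell treats it as a glob before grep ever sees it. A file in the working directory whose name matches would replace the pattern or become a file operand, and subkeys could silently drop out of the collision check; quote it as `grep '^[ps]ub'`. Separately, `master_keys` is still built with `grep ^pub`, so subkeys are compared only on the add side. If the master keyring can carry subkeys, list them there as well, or add a comment on that line explaining why primary keys are enough. The function body continues outside the hunk.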
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index 452766b4d..d5205836f 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -49,6 +49,26 @@ else msgpass fi + +# test another possible attack vector using subkeys (LP: #1013128) +msgtest "add_keys_with_verify_against_master_keyring with subkey attack" +ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub +if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then + msgfail +else + msgpass +fi + +# ensure the keyring is still empty +gpg_out=$($GPG --list-keys) +msgtest "Test if keyring is empty" +if [ -n "" ]; then + msgfail +else + msgpass +fi + + # test good keyring and ensure we get no errors ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then @@ -72,3 +92,4 @@ uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubun pub 4096R/EFE21092 2012-05-11 uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com> ' $GPG --list-keys + |
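Review bot: The added "Test if keyring is empty" check tests a literal empty string, `if [ -n "" ]`, so it always takes the `msgpass` branch and the `gpg_out` captured just above is never read. As written, the test cannot detect a key that was wrongly imported from the subkey keyring, which is the regression this commit is meant to guard against. Use the captured output instead: `if [ -n "$gpg_out" ]; then`.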