From 0901c5d08eadea5b5d91b09d4f532a029cb42574 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 30 May 2011 14:04:01 +0200 Subject: apt-pkg/acquire-item.cc: Reject files known to be invalid (LP: #346386) (Closes: #195301) This commit deals with the following cases: - First section of index file (Packages,Sources,Translation) without Package field - Signed release files without GPG data (NODATA) - i18n/Index files without hash sums Handling unsigned Release files is more complicated, and the example code using indexRecords is disabled as it can reject correct Release files without hashes. How we can reliably check unsigned Release files is another question, and not urgent anyway, as it should have no dramatic effect (we could check that it is a valid RFC-822 section, but that's a bit too long to write) --- apt-pkg/acquire-item.cc | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 6785b4e1b..6df915d8e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -271,6 +271,14 @@ void pkgAcqSubIndex::Done(string Message,unsigned long Size,string Md5Hash, /*{{ string FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(Desc.URI); + /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #195301) */ + indexRecords SubIndexParser; + if (FileExists(DestFile) == true && !SubIndexParser.Load(DestFile)) { + Status = StatError; + ErrorText = SubIndexParser.ErrorText; + return; + } + // sucess in downloading the index // rename the index if(Debug) @@ -894,6 +902,27 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash, ReportMirrorFailure("HashChecksumFailure"); return; } + + /* Verify the index file for correctness (all indexes must + * have a Package field) (LP: #346386) (Closes: #195301) */ + { + FileFd fd(DestFile, FileFd::ReadOnly); + pkgTagSection sec; + pkgTagFile tag(&fd); + + if (_error->PendingError() || !tag.Step(sec)) { + Status = StatError; + _error->DumpErrors(); + Rename(DestFile,DestFile + ".FAILED"); + return; + } else if (!sec.Exists("Package")) { + Status = StatError; + ErrorText = ("Encountered a section with no Package: header"); + Rename(DestFile,DestFile + ".FAILED"); + return; + } + } + // Done, move it into position string FinalFile = _config->FindDir("Dir::State::lists"); FinalFile += URItoFileName(RealURI); @@ -1330,6 +1359,16 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ /*}}}*/ void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/ { +#if 0 + /* Reject invalid, existing Release files (LP: #346386) (Closes: #195301) + * FIXME: Disabled; it breaks unsigned repositories without hashes */ + if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile)) + { + Status = StatError; + ErrorText = MetaIndexParser->ErrorText; + return; + } +#endif for (vector ::const_iterator Target = IndexTargets->begin(); Target != IndexTargets->end(); Target++) @@ -1493,6 +1532,12 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) LookupTag(Message,"Message").c_str()); RunScripts("APT::Update::Auth-Failure"); return; + } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) { + /* Invalid signature file, reject (LP: #346386) (Closes: #195301) */ + _error->Error(_("GPG error: %s: %s"), + Desc.Description.c_str(), + LookupTag(Message,"Message").c_str()); + return; } else { _error->Warning(_("GPG error: %s: %s"), Desc.Description.c_str(), -- cgit v1.2.3 From 4fdb612374655361c8923a4611db6a0d10054317 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 30 May 2011 14:14:11 +0200 Subject: Reject files known to be invalid (LP: #346386) (Closes: #627642) --- apt-pkg/acquire-item.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 6df915d8e..998c42dc4 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -271,7 +271,7 @@ void pkgAcqSubIndex::Done(string Message,unsigned long Size,string Md5Hash, /*{{ string FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(Desc.URI); - /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #195301) */ + /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #627642) */ indexRecords SubIndexParser; if (FileExists(DestFile) == true && !SubIndexParser.Load(DestFile)) { Status = StatError; @@ -904,7 +904,7 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash, } /* Verify the index file for correctness (all indexes must - * have a Package field) (LP: #346386) (Closes: #195301) */ + * have a Package field) (LP: #346386) (Closes: #627642) */ { FileFd fd(DestFile, FileFd::ReadOnly); pkgTagSection sec; @@ -1360,7 +1360,7 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/ { #if 0 - /* Reject invalid, existing Release files (LP: #346386) (Closes: #195301) + /* Reject invalid, existing Release files (LP: #346386) (Closes: #627642) * FIXME: Disabled; it breaks unsigned repositories without hashes */ if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile)) { @@ -1533,7 +1533,7 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) RunScripts("APT::Update::Auth-Failure"); return; } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) { - /* Invalid signature file, reject (LP: #346386) (Closes: #195301) */ + /* Invalid signature file, reject (LP: #346386) (Closes: #627642) */ _error->Error(_("GPG error: %s: %s"), Desc.Description.c_str(), LookupTag(Message,"Message").c_str()); -- cgit v1.2.3 From a0c3110e038a5186d9b108ccea06fb00619436f0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 31 May 2011 10:40:53 +0200 Subject: apt-pkg/acquire-item.cc: only test packages file for correctness if its not empty (its ok to have empty packages files) --- apt-pkg/acquire-item.cc | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 998c42dc4..c3817f6ee 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -910,17 +910,20 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash, pkgTagSection sec; pkgTagFile tag(&fd); - if (_error->PendingError() || !tag.Step(sec)) { - Status = StatError; - _error->DumpErrors(); - Rename(DestFile,DestFile + ".FAILED"); - return; - } else if (!sec.Exists("Package")) { - Status = StatError; - ErrorText = ("Encountered a section with no Package: header"); - Rename(DestFile,DestFile + ".FAILED"); - return; - } + // Only test for correctness if the file is not empty (empty is ok) + if (fd.Size() > 0) { + if (_error->PendingError() || !tag.Step(sec)) { + Status = StatError; + _error->DumpErrors(); + Rename(DestFile,DestFile + ".FAILED"); + return; + } else if (!sec.Exists("Package")) { + Status = StatError; + ErrorText = ("Encountered a section with no Package: header"); + Rename(DestFile,DestFile + ".FAILED"); + return; + } + } } // Done, move it into position -- cgit v1.2.3