From 7bf533967fb385b9625a1ee4dd7c6542a84b489c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 12 Sep 2018 01:44:18 +0200 Subject: Communicate back which key(s) were used for signing Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. --- apt-pkg/acquire-item.cc | 18 +++++++++++++++--- apt-pkg/acquire-item.h | 3 ++- 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 83c793093..755e1fb59 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1464,8 +1464,20 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st return true; } /*}}}*/ -bool pkgAcqMetaBase::CheckAuthDone(string const &Message) /*{{{*/ +bool pkgAcqMetaBase::CheckAuthDone(string const &Message, pkgAcquire::MethodConfig const *const Cnf) /*{{{*/ { + /* If we work with a recent version of our gpgv method, we expect that it tells us + which key(s) have signed the file so stuff like CVE-2018-0501 is harder in the future */ + if (Cnf->Version != "1.0" && LookupTag(Message, "Signed-By").empty()) + { + std::string errmsg; + strprintf(errmsg, "Internal Error: Signature on %s seems good, but expected details are missing! (%s)", Target.URI.c_str(), "Signed-By"); + if (ErrorText.empty()) + ErrorText = errmsg; + Status = StatAuthError; + return _error->Error("%s", errmsg.c_str()); + } + // At this point, the gpgv method has succeeded, so there is a // valid signature from a key in the trusted keyring. We // perform additional verification of its contents, and use them @@ -1946,7 +1958,7 @@ void pkgAcqMetaClearSig::Done(std::string const &Message, QueueForSignatureVerify(this, DestFile, DestFile); return; } - else if(CheckAuthDone(Message) == true) + else if (CheckAuthDone(Message, Cnf) == true) { if (TransactionManager->IMSHit == false) TransactionManager->TransactionStageCopy(this, DestFile, GetFinalFilename()); @@ -2190,7 +2202,7 @@ void pkgAcqMetaSig::Done(string const &Message, HashStringList const &Hashes, } return; } - else if(MetaIndex->CheckAuthDone(Message) == true) + else if (MetaIndex->CheckAuthDone(Message, Cfg) == true) { auto const Releasegpg = GetFinalFilename(); auto const Release = MetaIndex->GetFinalFilename(); diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 4a1378922..70651d9e3 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -451,8 +451,9 @@ class APT_HIDDEN pkgAcqMetaBase : public pkgAcqTransactionItem /*{{{*/ * * \param Message The message block received from the fetch * subprocess. + * \param Cnf The method and its configuration which handled the request */ - bool CheckAuthDone(std::string const &Message); + bool CheckAuthDone(std::string const &Message, pkgAcquire::MethodConfig const *const Cnf); /** Check if the current item should fail at this point */ bool CheckStopAuthentication(pkgAcquire::Item * const I, const std::string &Message); -- cgit v1.2.3