From 2e3c9d6452e69dcb5c83732fbda27b747bc997f4 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Mon, 6 Jun 2011 21:29:16 +0200
Subject: * apt-pkg/indexcopy.cc:   - Verify that the first line of an
 InRelease file is a PGP header     for a signed message. Otherwise a
 man-in-the-middle can prefix     a valid InRelease file with his own data!
 (CVE-2011-1829)

---
 methods/gpgv.cc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'methods')

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index efe1f73f7..960c06180 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -65,13 +65,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
       return string("Couldn't spawn new process") + strerror(errno);
    else if (pid == 0)
    {
-      if (SigVerify::RunGPGV(outfile, file, 3, fd) == false)
+      _error->PushToStack();
+      bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+      if (success == false)
       {
-	 // TRANSLATOR: %s is the trusted keyring parts directory
-	 ioprintf(ret, _("No keyring installed in %s."),
-		  _config->FindDir("Dir::Etc::TrustedParts").c_str());
-	 return ret.str();
+	 string errmsg;
+	 _error->PopMessage(errmsg);
+	 _error->RevertToStack();
+	 return errmsg;
       }
+      _error->RevertToStack();
       exit(111);
    }
    close(fd[1]);
-- 
cgit v1.2.3