Bug#758615: marked as done ([patch] more error handling & remove global state)

Debian Bug Tracking System Mon, 27 Oct 2014 20:58:02 -0700

Your message dated Tue, 28 Oct 2014 03:35:03 +0000
with message-id <[email protected]>
and subject line Bug#758615: fixed in debsig-verify 0.11
has caused the Debian Bug report #758615,
regarding [patch] more error handling & remove global state
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
758615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758615
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: debsig-verify
Version: 0.10

Hello,

because we want to use debsig-verify as part of the click project I
asked the ubuntu security team for a quick code review [1]. There were
some issues raised, notably that some error checks are missing and
that the use of the global state.

Attached are two patches that add some additional error checking.

I also started with the removal of the global state
(attached as well). However it is not very elegant and I wonder if it would
make more sense to have a 
"""
struct ds_ctx {
       char *deb,
       FILE *deb_fs,
       char *originID
}
"""
that is passed around as the context instead of my current approach.

And please let me know if you prefer a different workflow for (many)
patches like this, I can also publish my git branch somewhere if that
is easier for you.

Feedback/review welcome!

Thanks,
 Michael


[1] 
https://bugs.launchpad.net/ubuntu/+source/debsig-verify/+bug/1358272/comments/2

>From 8b89723dc6618d2718b4fa83d01c5df03ac83fca Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Tue, 19 Aug 2014 10:09:24 +0200
Subject: [PATCH 1/5] add error checking on fork()

---
 gpg-parse.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/gpg-parse.c b/gpg-parse.c
index ab450af..14a9175 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -20,7 +20,7 @@
 /*
  * routines to parse gpg output
  */
-
+#include <errno.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -120,7 +120,10 @@ char *getSigKeyID (const char *deb, const char *type) {
 	 (ds_write = fdopen(pwrite[1], "w")) == NULL)
 	ds_fail_printf(DS_FAIL_INTERNAL, "error opening file stream for gpg");
 
-    if (!(pid = fork())) {
+    pid = fork();
+    if(pid < 0)
+       ds_fail_printf(DS_FAIL_INTERNAL, "failed to fork (errno %s)", strerror(errno));
+    if (pid == 0) {
 	/* Here we go */
 	dup2(pread[1],1); close(pread[0]); close(pread[1]);
 	dup2(pwrite[0],0); close(pwrite[0]); close(pwrite[1]);
@@ -186,7 +189,10 @@ int gpgVerify(const char *data, struct match *mtc, const char *sig) {
 	return 0;
     }
 
-    if (!(pid = fork())) {
+    pid = fork();
+    if(pid < 0)
+       ds_fail_printf(DS_FAIL_INTERNAL, "failed to fork (%s)", strerror(errno));
+    if (pid == 0) {
 	if (DS_LEV_DEBUG < ds_debug_level) {
 	    close(0); close(1); close(2);
 	}
-- 
2.0.0.rc0

>From 8bc395f20d958cde6bf079d130a3de7118a922d5 Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Tue, 19 Aug 2014 10:30:20 +0200
Subject: [PATCH 2/5] add error/eof checking into getSigKeyID()

---
 gpg-parse.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/gpg-parse.c b/gpg-parse.c
index 14a9175..e051519 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -98,13 +98,13 @@ char *getKeyID (const struct match *mtc) {
 }
 
 char *getSigKeyID (const char *deb, const char *type) {
-    static char buf[2048];
+    char buf[2048];
     int pread[2], pwrite[2], t;
-    off_t len = checkSigExist(type);
     pid_t pid;
     FILE *ds_read, *ds_write;
     char *c, *ret = NULL;
 
+    off_t len = checkSigExist(type);
     if (!len)
 	return NULL;
 
@@ -134,15 +134,19 @@ char *getSigKeyID (const char *deb, const char *type) {
 
     /* First, let's feed gpg our signature. Don't forget, our call to
      * checkSigExist() above positioned the deb_fs file pointer already.  */
-    t = fread(buf, 1, sizeof(buf), deb_fs);
-    while(len > 0) {
+    do {
+       t = fread(buf, 1, sizeof(buf), deb_fs);
+       if (ferror(deb_fs))
+          ds_fail_printf(DS_FAIL_INTERNAL, "getSigKeyID: error reading signature (%s)",
+                         strerror(errno));
+
 	if (t > len)
 	    fwrite(buf, 1, len, ds_write);
 	else
 	    fwrite(buf, 1, t, ds_write);
 	len -= t;
-	t = fread(buf, 1, sizeof(buf), deb_fs);
-    }
+    } while(len > 0 || !feof(deb_fs));
+
     if (ferror(ds_write))
 	ds_fail_printf(DS_FAIL_INTERNAL, "error writing to gpg");
     fclose(ds_write);
-- 
2.0.0.rc0

>From 3096b1471e3248b09d4d5eaec618a1002e6acf8c Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Tue, 19 Aug 2014 10:44:58 +0200
Subject: [PATCH 3/5] remove global *deb var

---
 ar-parse.c      |  2 +-
 debsig-verify.c | 23 +++++++++++------------
 debsig.h        |  4 ++--
 gpg-parse.c     |  2 +-
 misc.c          |  4 ++--
 5 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/ar-parse.c b/ar-parse.c
index 477bf15..5146491 100644
--- a/ar-parse.c
+++ b/ar-parse.c
@@ -39,7 +39,7 @@
  * nothing important is going to be zero length anyway, so we treat it as
  * "non-existant".  */
 off_t
-findMember(const char *name)
+findMember(const char *deb, const char *name)
 {
     char magic[SARMAG+1];
     struct ar_hdr arh;
diff --git a/debsig-verify.c b/debsig-verify.c
index 6adf7a9..33aaa1a 100644
--- a/debsig-verify.c
+++ b/debsig-verify.c
@@ -36,7 +36,6 @@
 char originID[2048];
 char *rootdir = "";
 
-char *deb = NULL;
 FILE *deb_fs = NULL;
 
 #define CTAR(x) "control.tar" # x
@@ -68,7 +67,7 @@ static int checkSelRules(struct group *grp, const char *deb) {
 	 * specified, don't we?
 	 */
 
-        len = checkSigExist(mtc->name);
+        len = checkSigExist(deb, mtc->name);
 
         /* If the member exists and we reject it, fail now. Also, if it
          * doesn't exist, and we require it, fail as well. */
@@ -135,12 +134,12 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 
     /* Now, let's find all the members we need to check and cat them into a
      * single temp file. This is what we pass to gpg.  */
-    if (!(len = findMember(ver_magic_member)))
+    if (!(len = findMember(deb, ver_magic_member)))
         goto fail_and_close;
     len = passthrough(deb_fs, fp, len);
 
     for (i = 0; ver_ctrl_members[i]; i++) {
-	if (!(len = findMember(ver_ctrl_members[i])))
+        if (!(len = findMember(deb, ver_ctrl_members[i])))
 	    continue;
 	len = passthrough(deb_fs, fp, len);
 	break;
@@ -149,7 +148,7 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 	goto fail_and_close;
 
     for (i = 0; ver_data_members[i]; i++) {
-	if (!(len = findMember(ver_data_members[i])))
+        if (!(len = findMember(deb, ver_data_members[i])))
 	    continue;
 	len = passthrough(deb_fs, fp, len);
 	break;
@@ -174,7 +173,7 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 	}
 
 	/* This will also position deb_fs to the start of the member */
-	len = checkSigExist(mtc->name);
+	len = checkSigExist(deb, mtc->name);
 
 	/* If the member exists and we reject it, die now. Also, if it
 	 * doesn't exist, and we require it, die as well. */
@@ -233,17 +232,17 @@ fail_and_close:
     return 0;
 }
 
-static int checkIsDeb(void) {
+static int checkIsDeb(const char *deb) {
     int i;
     const char *member;
 
-    if (!findMember(ver_magic_member)) {
+    if (!findMember(deb, ver_magic_member)) {
        ds_printf(DS_LEV_VER, "Missing archive magic member %s", ver_magic_member);
        return 0;
     }
 
     for (i = 0; (member = ver_ctrl_members[i]); i++)
-        if (findMember(member))
+        if (findMember(deb, member))
             break;
     if (!member) {
         ds_printf(DS_LEV_VER, "Missing archive control member, checked:");
@@ -253,7 +252,7 @@ static int checkIsDeb(void) {
     }
 
     for (i = 0; (member = ver_data_members[i]); i++)
-        if (findMember(member))
+        if (findMember(deb, member))
             break;
     if (!member) {
         ds_printf(DS_LEV_VER, "Missing archive data member, checked:");
@@ -362,7 +361,7 @@ int main(int argc, char *argv[]) {
     if (i + 1 != argc) /* There should only be one arg left */
 	outputUsage();
 
-    deb = argv[i];
+    const char *deb = argv[i];
 
     if ((deb_fs = fopen(deb, "r")) == NULL)
 	ds_fail_printf(DS_FAIL_INTERNAL, "could not open %s (%s)", deb, strerror(errno));
@@ -370,7 +369,7 @@ int main(int argc, char *argv[]) {
     if (!list_only)
 	ds_printf(DS_LEV_VER, "Starting verification for: %s", deb);
 
-    if (!checkIsDeb())
+    if (!checkIsDeb(deb))
 	ds_fail_printf(DS_FAIL_INTERNAL, "%s does not appear to be a deb format package", deb);
 
     if ((tmpID = getSigKeyID(deb, "origin")) == NULL)
diff --git a/debsig.h b/debsig.h
index 1b81681..04ad0b8 100644
--- a/debsig.h
+++ b/debsig.h
@@ -61,8 +61,8 @@ struct policy {
 };
 
 struct policy *parsePolicyFile(const char *filename);
-off_t findMember(const char *name);
-off_t checkSigExist(const char *name);
+off_t findMember(const char *deb, const char *name);
+off_t checkSigExist(const char *deb, const char *name);
 char *getKeyID (const struct match *mtc);
 char *getSigKeyID (const char *deb, const char *type);
 int gpgVerify(const char *data, struct match *mtc, const char *sig);
diff --git a/gpg-parse.c b/gpg-parse.c
index e051519..ec8abfb 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -104,7 +104,7 @@ char *getSigKeyID (const char *deb, const char *type) {
     FILE *ds_read, *ds_write;
     char *c, *ret = NULL;
 
-    off_t len = checkSigExist(type);
+    off_t len = checkSigExist(deb, type);
     if (!len)
 	return NULL;
 
diff --git a/misc.c b/misc.c
index 01a2a2c..053ff2c 100644
--- a/misc.c
+++ b/misc.c
@@ -43,7 +43,7 @@ void ds_printf(int level, const char *fmt, ...) {
 }
 
 off_t
-checkSigExist(const char *name)
+checkSigExist(const char *deb, const char *name)
 {
     char buf[16];
 
@@ -54,5 +54,5 @@ checkSigExist(const char *name)
 
     snprintf(buf, sizeof(buf) - 1, "_gpg%s", name);
 
-    return findMember(buf);
+    return findMember(deb, buf);
 }
-- 
2.0.0.rc0

>From c67e438bf2a1271ecd36c118678b92fc487b5c54 Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Tue, 19 Aug 2014 10:56:51 +0200
Subject: [PATCH 4/5] remove global deb_fs state

---
 Makefile        |  2 +-
 ar-parse.c      |  2 +-
 debsig-verify.c | 42 +++++++++++++++++++++++-------------------
 debsig.h        |  4 ++--
 gpg-parse.c     |  8 ++++++--
 misc.c          |  4 ++--
 6 files changed, 35 insertions(+), 27 deletions(-)

diff --git a/Makefile b/Makefile
index 402a302..2dc0256 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 CC = gcc
-CFLAGS = -Wall -g -O2
+CFLAGS = -Wall -Wextra -g -O2
 
 #TESTING=1
 
diff --git a/ar-parse.c b/ar-parse.c
index 5146491..5ff558a 100644
--- a/ar-parse.c
+++ b/ar-parse.c
@@ -39,7 +39,7 @@
  * nothing important is going to be zero length anyway, so we treat it as
  * "non-existant".  */
 off_t
-findMember(const char *deb, const char *name)
+findMember(const char *deb, const char *name, FILE *deb_fs)
 {
     char magic[SARMAG+1];
     struct ar_hdr arh;
diff --git a/debsig-verify.c b/debsig-verify.c
index 33aaa1a..b19eec9 100644
--- a/debsig-verify.c
+++ b/debsig-verify.c
@@ -36,15 +36,13 @@
 char originID[2048];
 char *rootdir = "";
 
-FILE *deb_fs = NULL;
-
 #define CTAR(x) "control.tar" # x
 #define DTAR(x) "data.tar" # x
 char *ver_magic_member = "debian-binary";
 char *ver_ctrl_members[] = { CTAR(), CTAR(.gz), CTAR(.xz), 0 };
 char *ver_data_members[] = { DTAR(), DTAR(.gz), DTAR(.xz), DTAR(.bz2), DTAR(.lzma), 0 };
 
-static int checkSelRules(struct group *grp, const char *deb) {
+static int checkSelRules(struct group *grp, const char *deb, FILE *deb_fs) {
     int opt_count = 0;
     struct match *mtc;
     int len;
@@ -67,7 +65,7 @@ static int checkSelRules(struct group *grp, const char *deb) {
 	 * specified, don't we?
 	 */
 
-        len = checkSigExist(deb, mtc->name);
+        len = checkSigExist(deb, mtc->name, deb_fs);
 
         /* If the member exists and we reject it, fail now. Also, if it
          * doesn't exist, and we require it, fail as well. */
@@ -107,7 +105,7 @@ passthrough(FILE *in, FILE *out, off_t len)
     return len;
 }
 
-static int verifyGroupRules(struct group *grp, const char *deb) {
+static int verifyGroupRules(struct group *grp, const char *deb, FILE *deb_fs) {
     FILE *fp;
     char tmp_sig[32] = {'\0'}, tmp_data[32] = {'\0'};
     int opt_count = 0, t, i, fd;
@@ -134,12 +132,12 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 
     /* Now, let's find all the members we need to check and cat them into a
      * single temp file. This is what we pass to gpg.  */
-    if (!(len = findMember(deb, ver_magic_member)))
+    if (!(len = findMember(deb, ver_magic_member, deb_fs)))
         goto fail_and_close;
     len = passthrough(deb_fs, fp, len);
 
     for (i = 0; ver_ctrl_members[i]; i++) {
-        if (!(len = findMember(deb, ver_ctrl_members[i])))
+       if (!(len = findMember(deb, ver_ctrl_members[i], deb_fs)))
 	    continue;
 	len = passthrough(deb_fs, fp, len);
 	break;
@@ -148,7 +146,7 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 	goto fail_and_close;
 
     for (i = 0; ver_data_members[i]; i++) {
-        if (!(len = findMember(deb, ver_data_members[i])))
+        if (!(len = findMember(deb, ver_data_members[i], deb_fs)))
 	    continue;
 	len = passthrough(deb_fs, fp, len);
 	break;
@@ -173,7 +171,7 @@ static int verifyGroupRules(struct group *grp, const char *deb) {
 	}
 
 	/* This will also position deb_fs to the start of the member */
-	len = checkSigExist(deb, mtc->name);
+	len = checkSigExist(deb, mtc->name, deb_fs);
 
 	/* If the member exists and we reject it, die now. Also, if it
 	 * doesn't exist, and we require it, die as well. */
@@ -233,35 +231,40 @@ fail_and_close:
 }
 
 static int checkIsDeb(const char *deb) {
-    int i;
+    int i, res = 0;
     const char *member;
 
-    if (!findMember(deb, ver_magic_member)) {
+    FILE *deb_fs = fopen(deb, "r");
+
+    if (!findMember(deb, ver_magic_member, deb_fs)) {
        ds_printf(DS_LEV_VER, "Missing archive magic member %s", ver_magic_member);
-       return 0;
+       goto out;
     }
 
     for (i = 0; (member = ver_ctrl_members[i]); i++)
-        if (findMember(deb, member))
+        if (findMember(deb, member, deb_fs))
             break;
     if (!member) {
         ds_printf(DS_LEV_VER, "Missing archive control member, checked:");
         for (i = 0; (member = ver_ctrl_members[i]); i++)
             ds_printf(DS_LEV_VER, "    %s", member);
-        return 0;
+        goto out;
     }
 
     for (i = 0; (member = ver_data_members[i]); i++)
-        if (findMember(deb, member))
+        if (findMember(deb, member, deb_fs))
             break;
     if (!member) {
         ds_printf(DS_LEV_VER, "Missing archive data member, checked:");
         for (i = 0; (member = ver_data_members[i]); i++)
             ds_printf(DS_LEV_VER, "    %s", member);
-        return 0;
+        goto out;
     }
+    res = 1;
 
-    return 1;
+ out:
+    fclose(deb_fs);
+    return res;
 }
 
 static void outputVersion(void) {
@@ -312,6 +315,7 @@ int main(int argc, char *argv[]) {
     struct dirent *pd_ent;
     struct group *grp;
     int i, list_only = 0;
+    FILE *deb_fs;
 
     dpkg_set_progname(argv[0]);
 
@@ -408,7 +412,7 @@ int main(int argc, char *argv[]) {
 	/* Now let's see if this policy's selection is useful for this .deb  */
 	ds_printf(DS_LEV_VER, "    Checking Selection group(s).");
 	for (grp = pol->sels; grp != NULL; grp = grp->next) {
-	    if (!checkSelRules(grp, deb)) {
+            if (!checkSelRules(grp, deb, deb_fs)) {
 		clear_policy();
 		ds_printf(DS_LEV_VER, "    Selection group failed checks.");
 		pol = NULL;
@@ -440,7 +444,7 @@ int main(int argc, char *argv[]) {
     ds_printf(DS_LEV_VER, "    Checking Verification group(s).");
 
     for (grp = pol->vers; grp; grp = grp->next) {
-	if (!verifyGroupRules(grp, deb)) {
+        if (!verifyGroupRules(grp, deb, deb_fs)) {
 	    ds_printf(DS_LEV_VER, "    Verification group failed checks.");
 	    ds_fail_printf(DS_FAIL_BADSIG, "Failed verification for %s.", deb);
 	}
diff --git a/debsig.h b/debsig.h
index 04ad0b8..3d3d0e0 100644
--- a/debsig.h
+++ b/debsig.h
@@ -61,8 +61,8 @@ struct policy {
 };
 
 struct policy *parsePolicyFile(const char *filename);
-off_t findMember(const char *deb, const char *name);
-off_t checkSigExist(const char *deb, const char *name);
+off_t findMember(const char *deb, const char *name, FILE *deb_fs);
+off_t checkSigExist(const char *deb, const char *name, FILE *deb_fs);
 char *getKeyID (const struct match *mtc);
 char *getSigKeyID (const char *deb, const char *type);
 int gpgVerify(const char *data, struct match *mtc, const char *sig);
diff --git a/gpg-parse.c b/gpg-parse.c
index ec8abfb..e34a659 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -104,9 +104,12 @@ char *getSigKeyID (const char *deb, const char *type) {
     FILE *ds_read, *ds_write;
     char *c, *ret = NULL;
 
-    off_t len = checkSigExist(deb, type);
-    if (!len)
+    FILE *deb_fs = fopen(deb, "r");
+    off_t len = checkSigExist(deb, type, deb_fs);
+    if (!len) {
+        fclose(deb_fs);
 	return NULL;
+    }
 
     gpg_init();
 
@@ -176,6 +179,7 @@ char *getSigKeyID (const char *deb, const char *type) {
     else
 	ds_printf(DS_LEV_DEBUG, "        getSigKeyID: got %s for %s key", ret, type);
 
+    fclose(deb_fs);
     return ret;
 }
 
diff --git a/misc.c b/misc.c
index 053ff2c..03b6bd5 100644
--- a/misc.c
+++ b/misc.c
@@ -43,7 +43,7 @@ void ds_printf(int level, const char *fmt, ...) {
 }
 
 off_t
-checkSigExist(const char *deb, const char *name)
+checkSigExist(const char *deb, const char *name, FILE *deb_fs)
 {
     char buf[16];
 
@@ -54,5 +54,5 @@ checkSigExist(const char *deb, const char *name)
 
     snprintf(buf, sizeof(buf) - 1, "_gpg%s", name);
 
-    return findMember(deb, buf);
+    return findMember(deb, buf, deb_fs);
 }
-- 
2.0.0.rc0

>From d5e35b6c63a28d06f943bf1e69db362a3e4f0296 Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Tue, 19 Aug 2014 11:17:59 +0200
Subject: [PATCH 5/5] remove global originID state

---
 debsig-verify.c | 16 ++++++++--------
 debsig.h        |  7 ++-----
 gpg-parse.c     |  4 ++--
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/debsig-verify.c b/debsig-verify.c
index b19eec9..069cc7c 100644
--- a/debsig-verify.c
+++ b/debsig-verify.c
@@ -33,7 +33,6 @@
 
 #include "debsig.h"
 
-char originID[2048];
 char *rootdir = "";
 
 #define CTAR(x) "control.tar" # x
@@ -42,7 +41,7 @@ char *ver_magic_member = "debian-binary";
 char *ver_ctrl_members[] = { CTAR(), CTAR(.gz), CTAR(.xz), 0 };
 char *ver_data_members[] = { DTAR(), DTAR(.gz), DTAR(.xz), DTAR(.bz2), DTAR(.lzma), 0 };
 
-static int checkSelRules(struct group *grp, const char *deb, FILE *deb_fs) {
+static int checkSelRules(const char *originID, struct group *grp, const char *deb, FILE *deb_fs) {
     int opt_count = 0;
     struct match *mtc;
     int len;
@@ -54,7 +53,7 @@ static int checkSelRules(struct group *grp, const char *deb, FILE *deb_fs) {
         /* If we have an ID for this match, check to make sure it exists, and
          * matches the signature we are about to check.  */
         if (mtc->id) {
-            char *m_id = getKeyID(mtc);
+            char *m_id = getKeyID(originID, mtc);
             char *d_id = getSigKeyID(deb, mtc->name);
             if (m_id == NULL || d_id == NULL || strcmp(m_id, d_id))
                 return 0;
@@ -105,7 +104,7 @@ passthrough(FILE *in, FILE *out, off_t len)
     return len;
 }
 
-static int verifyGroupRules(struct group *grp, const char *deb, FILE *deb_fs) {
+static int verifyGroupRules(const char *originID, struct group *grp, const char *deb, FILE *deb_fs) {
     FILE *fp;
     char tmp_sig[32] = {'\0'}, tmp_data[32] = {'\0'};
     int opt_count = 0, t, i, fd;
@@ -164,7 +163,7 @@ static int verifyGroupRules(struct group *grp, const char *deb, FILE *deb_fs) {
 	/* If we have an ID for this match, check to make sure it exists, and
 	 * matches the signature we are about to check.  */
 	if (mtc->id) {
-	    char *m_id = getKeyID(mtc);
+            char *m_id = getKeyID(originID, mtc);
 	    char *d_id = getSigKeyID(deb, mtc->name);
 	    if (m_id == NULL || d_id == NULL || strcmp(m_id, d_id))
 		goto fail_and_close;
@@ -195,7 +194,7 @@ static int verifyGroupRules(struct group *grp, const char *deb, FILE *deb_fs) {
 	fclose(fp);
 
 	/* Now, let's check with gpg on this one */
-	t = gpgVerify(tmp_data, mtc, tmp_sig);
+	t = gpgVerify(originID, tmp_data, mtc, tmp_sig);
 
 	fd = -1;
 	unlink(tmp_sig);
@@ -379,6 +378,7 @@ int main(int argc, char *argv[]) {
     if ((tmpID = getSigKeyID(deb, "origin")) == NULL)
 	ds_fail_printf(DS_FAIL_NOSIGS, "Origin Signature check failed. This deb might not be signed.\n");
 
+    char originID[2048];
     strncpy(originID, tmpID, sizeof(originID));
 
     /* Now we have an ID, let's check the policy to use */
@@ -412,7 +412,7 @@ int main(int argc, char *argv[]) {
 	/* Now let's see if this policy's selection is useful for this .deb  */
 	ds_printf(DS_LEV_VER, "    Checking Selection group(s).");
 	for (grp = pol->sels; grp != NULL; grp = grp->next) {
-            if (!checkSelRules(grp, deb, deb_fs)) {
+            if (!checkSelRules(originID, grp, deb, deb_fs)) {
 		clear_policy();
 		ds_printf(DS_LEV_VER, "    Selection group failed checks.");
 		pol = NULL;
@@ -444,7 +444,7 @@ int main(int argc, char *argv[]) {
     ds_printf(DS_LEV_VER, "    Checking Verification group(s).");
 
     for (grp = pol->vers; grp; grp = grp->next) {
-        if (!verifyGroupRules(grp, deb, deb_fs)) {
+        if (!verifyGroupRules(originID, grp, deb, deb_fs)) {
 	    ds_printf(DS_LEV_VER, "    Verification group failed checks.");
 	    ds_fail_printf(DS_FAIL_BADSIG, "Failed verification for %s.", deb);
 	}
diff --git a/debsig.h b/debsig.h
index 3d3d0e0..367fb9a 100644
--- a/debsig.h
+++ b/debsig.h
@@ -63,9 +63,9 @@ struct policy {
 struct policy *parsePolicyFile(const char *filename);
 off_t findMember(const char *deb, const char *name, FILE *deb_fs);
 off_t checkSigExist(const char *deb, const char *name, FILE *deb_fs);
-char *getKeyID (const struct match *mtc);
+char *getKeyID (const char *originID, const struct match *mtc);
 char *getSigKeyID (const char *deb, const char *type);
-int gpgVerify(const char *data, struct match *mtc, const char *sig);
+int gpgVerify(const char *originID, const char *data, struct match *mtc, const char *sig);
 void clear_policy(void);
 
 /* Debugging and failures */
@@ -90,7 +90,4 @@ do {						\
 } while(0)
 
 extern int ds_debug_level;
-extern FILE *deb_fs;
-extern char *deb;
-extern char originID[];
 extern char *rootdir;
diff --git a/gpg-parse.c b/gpg-parse.c
index e34a659..7c5b27c 100644
--- a/gpg-parse.c
+++ b/gpg-parse.c
@@ -45,7 +45,7 @@ static void gpg_init(void) {
     gpg_inited = 1;
 }
 
-char *getKeyID (const struct match *mtc) {
+char *getKeyID (const char *originID, const struct match *mtc) {
     static char buf[2048];
     FILE *ds;
     char *c, *d, *ret = mtc->id;
@@ -183,7 +183,7 @@ char *getSigKeyID (const char *deb, const char *type) {
     return ret;
 }
 
-int gpgVerify(const char *data, struct match *mtc, const char *sig) {
+int gpgVerify(const char *originID, const char *data, struct match *mtc, const char *sig) {
     char keyring[8192];
     int status;
     pid_t pid;
-- 
2.0.0.rc0

--- End Message ---

--- Begin Message ---

Source: debsig-verify
Source-Version: 0.11

We believe that the bug you reported is fixed in the latest version of
debsig-verify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated debsig-verify package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Oct 2014 04:01:53 +0100
Source: debsig-verify
Binary: debsig-verify
Architecture: source
Version: 0.11
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
 debsig-verify - Debian package signature verification tool
Closes: 758525 758615 758826
Changes:
 debsig-verify (0.11) unstable; urgency=medium
 .
   * Update Vcs-Browser git URL to the new cgit scheme.
   * Add a README file.
   * Autoconfiscate build system.
   * Add more warning flags to the default compiler flags.
   * Do not use continuation lines in string literals.
   * Reformat and reflow --help output.
   * Add a --root option to use an alternative root directory.
     Thanks to Michael Vogt <[email protected]>. Closes: #758525
   * Add new --policies-dir and --keyrings-dir options.
   * Add new --help option.
   * Do not print --version and --help on stderr and make them exit 0. And
     replace usage error output with a new function that gives a hint to the
     user to use --help instead.
   * Add long options for quiet, verbose and debug.
   * Use DS_LEV_ERR instead of DS_FAIL_INTERNAL as ds_printf() level argument.
   * Use more of libdpkg instead of ad-hoc code, to reduce code duplication,
     switch to more tested code, and so that the error return codes are
     checked and acted upon. Closes: #758615
     - Switch to use subproc module instead of fork() and waitpid().
     - Switch from xmalloc to m_malloc().
     - Use ohshit()/ohshite() instead of ds_fail_printf(DS_FAIL_INTERNAL, ...).
     - Use m_dup2() instead of raw dup2().
     - Use fdio API instead of ad-hoc file copying.
     - Use str_match_end() instead of ad-hoc code, which also fixes a warning
       due to a signed vs unsigned comparison.
   * Remove useless return statements.
   * Use a temporary GNUPGHOME instead of using the users's default.
     Based on a patch by Michael Vogt <[email protected]>. Closes: #758826
   * Error out if the GnuPG pipe failed on close.
   * Explicitly check strcmp() return value instead of handling it as a bool.
   * Switch originID from global to function scoped variable.
     Thanks to Michael Vogt <[email protected]>.
   * Switch deb and deb_fd from global to a function scoped struct.
   * Change len type to size_t to fix a signed vs unsigned comparison warning.
   * Make private functions static.
   * Make private constant string variables static const.
   * Add new autotest functional testsuite.
   * Add test cases for signature checks.
     Based on a patch by Michael Vogt <[email protected]>.
   * Update copyright holders and years.
   * Bump Standard-Version to 3.9.6 (no changed needed).
Checksums-Sha1:
 4f5a674eace4323a8842a26328614f7c06ff72d6 1646 debsig-verify_0.11.dsc
 3b7cbdab82839a65d7c40188c4a17ef32c43b772 125688 debsig-verify_0.11.tar.xz
Checksums-Sha256:
 de1e0f6f56486740697fc90272a1f9d0ad2b3db942ee1d5989d93c3cb2317b59 1646 
debsig-verify_0.11.dsc
 ae66b9e733b51824e2e449582d932b130fece40b0041ed28af83b9b6dbb0cf23 125688 
debsig-verify_0.11.tar.xz
Files:
 a4f264b0e5dfddfdaac8915bdc15f02d 1646 admin optional debsig-verify_0.11.dsc
 2e0e886614bdffc5981446f4b82edd7d 125688 admin optional 
debsig-verify_0.11.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUTwj1AAoJELlyvz6krleju7EP/AwoYbd+uSFNd8fgriKLqtnc
TYso/xDWiqTvAEAi+q48+o4xy+MtdBYfd/p4H5MD2iUe9UiP8scSy1q8wtjjDvFS
SfK1puHEUh3A0clS7f6Qcle8PM7+G1tEq0lNuaoOuSYuqDtgo6ufh9f7EuLW6cF8
ChpZqKI3QNcBdJKZ1v9+hZVvQPErYz6nSdOZGQ6FfdgZ6Qg+Bt403tPTqd+l2DK8
ULcLZBaKn29dPyJbuSTyDmg5aZNo7fE4BjPveSBLj39fwnLl37rS30qzacI6FxgJ
DqnUzKtebBm9RcGrKVXnbgLUDvoXlEI83QiP6ERiBsfZUbMuBNiEmiwDT5wxKtvT
MpwdOqyztOcV5l69HfuhqJW260YQLyvLiza3SOnkmOZh20EigX3EdoVKwzs2Aws5
o2/7CobymbguizT4mW1AKRs49gWCNF6WVQV0mLNqQap79kLlRbY4NYRyOf75WD+2
myHHlyk2b4kDhrosEfgjJlr3g4MtkNwYhv7hfXqiWbDBVS1+QnRrWOnBeaKJH5/9
OSaDVZ7bdCPlSpzZRChw6oebD8aWZzs+QVpOPNWpMr3QVdMXYUlk0uGIMJHlhXRO
zL0uy+wtgw5PhdiuXYbIo34Zk2GwzGeOJm84oMmvylhEkay0ADGT3fwKwpNghaID
IU6HGZxincU/WMiAoDQu
=Vuu9
-----END PGP SIGNATURE-----

--- End Message ---

Bug#758615: marked as done ([patch] more error handling & remove global state)

Reply via email to