The following commit has been merged in the master branch:
commit b08f7a8306f872b077af4040ebeab8853faaf0cd
Author: Guillem Jover <[email protected]>
Date: Sun Dec 16 00:33:25 2012 +0100
Dpkg::Control::Hash: Check for presence of OpenPGP signatures
Make sure the OpenGPG armor contains a signature block, even on EOF.
This should get detected and rejected by gpgv anyway, but it's better
to check the structure of the message before doing any further parsing
on it.
diff --git a/debian/changelog b/debian/changelog
index c881d8b..686920e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ dpkg (1.16.10) UNRELEASED; urgency=low
* Abort installation if we cannot set the security context for a file.
* Fix OpenPGP armored signature parsing, to be resilient against doctored
input, including source package control files. Closes: #695919
+ * Make sure the OpenGPG armor contains a signature block, even on EOF.
[ Updated programs translations ]
* Esperanto (Felipe Castro).
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index 623ca73..5a1c1ca 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -171,6 +171,8 @@ sub parse {
my $paraborder = 1;
my $cf; # Current field
my $expect_pgp_sig = 0;
+ my $pgp_signed = 0;
+
while (<$fh>) {
s/\s*\n$//;
next if (m/^$/ and $paraborder);
@@ -223,6 +225,9 @@ sub parse {
unless (defined($_)) {
syntaxerr($desc, _g("unfinished PGP signature"));
}
+ # This does not mean the signature is correct, that needs to
+ # be verified by gnupg.
+ $pgp_signed = 1;
}
last; # Finished parsing one block
} else {
@@ -230,6 +235,11 @@ sub parse {
_g("line with unknown format (not field-colon-value)"));
}
}
+
+ if ($expect_pgp_sig and not $pgp_signed) {
+ syntaxerr($desc, _g("unfinished PGP signature"));
+ }
+
return defined($cf);
}
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 13c9123..977146c 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -231,6 +231,7 @@ test_data = \
t/700_Dpkg_Control/control-1 \
t/700_Dpkg_Control/bogus-unsigned.dsc \
t/700_Dpkg_Control/bogus-armor-double.dsc \
+ t/700_Dpkg_Control/bogus-armor-no-sig.dsc \
t/700_Dpkg_Control/bogus-armor-trail.dsc \
t/700_Dpkg_Control/bogus-armor-nested.dsc \
t/700_Dpkg_Control/bogus-armor-spaces.dsc \
diff --git a/scripts/t/700_Dpkg_Control.t b/scripts/t/700_Dpkg_Control.t
index dab90d5..77a4e5d 100644
--- a/scripts/t/700_Dpkg_Control.t
+++ b/scripts/t/700_Dpkg_Control.t
@@ -13,7 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-use Test::More tests => 20;
+use Test::More tests => 21;
use strict;
use warnings;
@@ -109,6 +109,9 @@ my $dsc;
$dsc = parse_dsc("$datadir/bogus-unsigned.dsc");
is($dsc, undef, 'Unsigned .dsc w/ OpenPGP armor');
+$dsc = parse_dsc("$datadir/bogus-armor-no-sig.dsc");
+is($dsc, undef, 'Signed .dsc w/ OpenPGP armor missing signature');
+
$dsc = parse_dsc("$datadir/bogus-armor-trail.dsc");
is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor trailer');
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-no-sig.dsc
b/scripts/t/700_Dpkg_Control/bogus-armor-no-sig.dsc
new file mode 100644
index 0000000..4502a18
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-no-sig.dsc
@@ -0,0 +1,4 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Source: pass
--
dpkg's main repository
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
