All subkeys must be followed by a binding signature by the primary key as per the OpenPGP RFC, enforce the presence and validity in the parser. The implementation is as kludgey as they come to work around our simple-minded parser structure without touching API, to maximise backportability. Store all the raw packets internally as we decode them to be able to access previous elements at will, needed to validate ordering and access the actual data. Add testcases for manipulated keys whose import previously would succeed.
Depends on the two previous commits: 55d5811a10d5a4c5d965373f5841280a5f43d7ef and d2fcd5380fe3390e695a016727a695829a0a3610

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1795

-- Commit Summary --

  * Only set MPIs for signature types we can handle
    https://github.com/rpm-software-management/rpm/pull/1795/commits/55d5811a10d5a4c5d965373f5841280a5f43d7ef
  * Refactor pgpDigParams construction to helper function
    https://github.com/rpm-software-management/rpm/pull/1795/commits/d2fcd5380fe3390e695a016727a695829a0a3610
  * Validate and require subkey binding signatures on PGP public keys
    https://github.com/rpm-software-management/rpm/pull/1795/commits/6a5ac9dd1330f304130985171666e261a31dd6c6

-- File Changes --

    M rpmio/rpmpgp.c (125)
    M tests/Makefile.am (3)
    A tests/data/keys/CVE-2021-3521-badbind.asc (25)
    A tests/data/keys/CVE-2021-3521-nosubsig-last.asc (25)
    A tests/data/keys/CVE-2021-3521-nosubsig.asc (37)
    M tests/rpmsigdig.at (28)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1795.patch
https://github.com/rpm-software-management/rpm/pull/1795.diff
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
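As an added illustration (not code from rpm or from this pull request), the presence-and-ordering part of the check described in the commit message can be sketched as a walk over the OpenPGP packet stream: every Public-Subkey packet (tag 14) must be directly followed by a Signature packet (tag 2) of type 0x18, subkey binding. The function names and the byte strings are hypothetical and constructed for the example, and the signature is not verified cryptographically here, which a real parser must also do.

```c
#include <stdint.h>
#include <stdio.h>

enum { TAG_SIGNATURE = 2, TAG_PUBLIC_SUBKEY = 14, SIGTYPE_SUBKEY_BINDING = 0x18 };
/* Decode one packet header (RFC 4880 section 4.2); returns its size, 0 on error. */
static size_t pkt_header(const uint8_t *p, size_t n, int *tag, size_t *blen) {
    size_t hlen, lenbytes, i;
    if (n < 2 || !(p[0] & 0x80)) return 0;
    if (p[0] & 0x40) {                      /* new-format header */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) { *blen = p[1]; return 2; }
        if (p[1] < 224 && n >= 3) { *blen = ((size_t)(p[1] - 192) << 8) + p[2] + 192; return 3; }
        if (p[1] != 255) return 0;          /* partial body length, or truncated */
        hlen = 2; lenbytes = 4;
    } else {                                /* old-format header */
        *tag = (p[0] >> 2) & 0x0f;
        if ((p[0] & 3) == 3) return 0;      /* indeterminate length */
        hlen = 1; lenbytes = (size_t)1 << (p[0] & 3);
    }
    if (n < hlen + lenbytes) return 0;
    for (*blen = 0, i = 0; i < lenbytes; i++) *blen = (*blen << 8) | p[hlen + i];
    return hlen + lenbytes;
}

/* 0 if every subkey packet is directly followed by a subkey binding signature, else -1. */
int check_subkey_bindings(const uint8_t *buf, size_t n) {
    int tag, need_binding = 0;
    size_t hlen, blen;
    for (; n > 0; buf += hlen + blen, n -= hlen + blen) {
        hlen = pkt_header(buf, n, &tag, &blen);
        if (hlen == 0 || blen > n - hlen) return -1;    /* malformed or truncated */
        const uint8_t *b = buf + hlen;  /* sigtype: byte 2 up to v3, byte 1 from v4 */
        if (need_binding && (tag != TAG_SIGNATURE || blen < 3 ||
            (b[0] <= 3 ? b[2] : b[1]) != SIGTYPE_SUBKEY_BINDING)) return -1;
        need_binding = (tag == TAG_PUBLIC_SUBKEY);
    }
    return need_binding ? -1 : 0;           /* -1: a subkey was the last packet */
}

/* Constructed packet streams with dummy bodies (not real keys, not the PR's test files). */
const uint8_t GOOD[] = {0x98,1,4, 0xb4,1,'a', 0x88,3,4,0x13,1, 0xb8,1,4, 0x88,3,4,0x18,1};
const uint8_t NOSUBSIG[] = {0x98,1,4, 0xb8,1,4, 0xce,1,4, 0x88,3,4,0x18,1};
const uint8_t NOSUBSIG_LAST[] = {0x98,1,4, 0xb4,1,'a', 0x88,3,4,0x13,1, 0xce,1,4};
const uint8_t WRONG_TYPE[] = {0x98,1,4, 0xb8,1,4, 0x88,3,4,0x13,1};
int main(void) {
    printf("good=%d nosubsig-last=%d\n", check_subkey_bindings(GOOD, sizeof GOOD),
           check_subkey_bindings(NOSUBSIG_LAST, sizeof NOSUBSIG_LAST));
    return 0;
}
```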