[Reproducible-commits] [dpkg] 03/08: Dpkg: Fix OpenPGP armored signature parsing

Holger Levsen holger at layer-acht.org
Tue May 3 08:43:20 UTC 2016 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.15.12
in repository dpkg.

commit 9e1f15ad8d237d2fd27ca758492cbb5992854e13
Author: Guillem Jover <guillem at debian.org>
Date:   Sun Dec 16 00:33:25 2012 +0100

    Dpkg: Fix OpenPGP armored signature parsing
    
    Cherry picked from commit 9945c52208fa7520bb307868d6c152ced8238969.
    
    Change parsing code to honour RFC4880. Handle whitespaces at EOL, and
    correctly expect five trailing dashes on the Armor Header Lines.
    
    Closes: #695919
    
    Reported-by: Ansgar Burchardt <ansgar at debian.org>
    [ben at decadent.org.uk:
     - Resolve conflict in whitespace in scripts/t/700_Dpkg_Control.t. ]
    Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
    Signed-off-by: Guillem Jover <guillem at debian.org>
---
 debian/changelog                                  |  4 +++
 scripts/Dpkg/Control/Hash.pm                      | 13 ++++----
 scripts/Dpkg/Source/Package.pm                    |  2 +-
 scripts/Makefile.am                               |  5 +++
 scripts/t/700_Dpkg_Control.t                      | 40 +++++++++++++++++++++--
 scripts/t/700_Dpkg_Control/bogus-armor-double.dsc | 13 ++++++++
 scripts/t/700_Dpkg_Control/bogus-armor-nested.dsc | 15 +++++++++
 scripts/t/700_Dpkg_Control/bogus-armor-spaces.dsc | 18 ++++++++++
 scripts/t/700_Dpkg_Control/bogus-armor-trail.dsc  | 14 ++++++++
 scripts/t/700_Dpkg_Control/bogus-unsigned.dsc     |  5 +++
 10 files changed, 120 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 1cee3d5..c9a434f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,10 @@ dpkg (1.15.12) UNRELEASED; urgency=high
     before the PGP signature. Closes: #617923
     Thanks to Roger Leigh for the initial patch.
 
+  [ Guillem Jover ]
+  * Fix OpenPGP armored signature parsing, to be resilient against doctored
+    input, including source package control files. Closes: #695919
+
  -- Guillem Jover <guillem at debian.org>  Fri, 01 May 2015 22:02:43 +0200
 
 dpkg (1.15.11) squeeze-security; urgency=high
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index 82157d9..63efef8 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -183,31 +183,32 @@ sub parse {
 		$line = substr $line, 1;
 	    }
 	    $self->{$cf} .= "\n$line";
-	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE/) {
+	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
 	    $expect_pgp_sig = 1;
 	    if ($$self->{'allow_pgp'}) {
 		# Skip PGP headers
 		while (<$fh>) {
-		    last if m/^$/;
+		    last if m/^\s*$/;
 		}
 	    } else {
 		syntaxerr($desc, _g("PGP signature not allowed here"));
 	    }
-	} elsif (m/^$/ || ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE/)) {
+	} elsif (m/^$/ || ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----$/)) {
 	    if ($expect_pgp_sig) {
 		# Skip empty lines
 		$_ = <$fh> while defined($_) && $_ =~ /^\s*$/;
 		length($_) ||
                     syntaxerr($desc, _g("expected PGP signature, found EOF " .
                                         "after blank line"));
-		s/\n$//;
-		unless (m/^-----BEGIN PGP SIGNATURE/) {
+		s/\s*\n$//;
+		unless (m/^-----BEGIN PGP SIGNATURE-----$/) {
 		    syntaxerr($desc, sprintf(_g("expected PGP signature, " .
                                                 "found something else \`%s'"), $_));
                 }
 		# Skip PGP signature
 		while (<$fh>) {
-		    last if m/^-----END PGP SIGNATURE/;
+		    s/\s*\n$//;
+		    last if m/^-----END PGP SIGNATURE-----$/;
 		}
 		unless (defined($_)) {
                     syntaxerr($desc, _g("unfinished PGP signature"));
diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm
index 1285968..49e8e94 100644
--- a/scripts/Dpkg/Source/Package.pm
+++ b/scripts/Dpkg/Source/Package.pm
@@ -139,7 +139,7 @@ sub initialize {
     $self->{'is_signed'} = 0;
     while (<DSC>) {
         next if /^\s*$/o;
-        $self->{'is_signed'} = 1 if /^-----BEGIN PGP SIGNED MESSAGE-----$/o;
+        $self->{'is_signed'} = 1 if /^-----BEGIN PGP SIGNED MESSAGE-----\s*$/o;
         last;
     }
     close(DSC);
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 766cece..1a469c3 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -229,6 +229,11 @@ test_data = \
 	t/600_Dpkg_Changelog/regressions \
 	t/600_Dpkg_Changelog/shadow \
 	t/700_Dpkg_Control/control-1 \
+	t/700_Dpkg_Control/bogus-unsigned.dsc \
+	t/700_Dpkg_Control/bogus-armor-double.dsc \
+	t/700_Dpkg_Control/bogus-armor-trail.dsc \
+	t/700_Dpkg_Control/bogus-armor-nested.dsc \
+	t/700_Dpkg_Control/bogus-armor-spaces.dsc \
 	t/750_Dpkg_Substvars/substvars1 \
 	t/910_merge_changelogs/ch-old \
 	t/910_merge_changelogs/ch-a \
diff --git a/scripts/t/700_Dpkg_Control.t b/scripts/t/700_Dpkg_Control.t
index 03e903c..68ae5e5 100644
--- a/scripts/t/700_Dpkg_Control.t
+++ b/scripts/t/700_Dpkg_Control.t
@@ -13,17 +13,32 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-use Test::More tests => 11;
+use Test::More tests => 20;
 
 use strict;
 use warnings;
 use IO::String;
 
-use_ok('Dpkg::Control::Info');
+BEGIN {
+    use_ok('Dpkg::Control');
+    use_ok('Dpkg::Control::Info');
+}
 
 my $srcdir = $ENV{srcdir} || '.';
 my $datadir = $srcdir . '/t/700_Dpkg_Control';
 
+sub parse_dsc {
+    my ($path) = @_;
+
+    my $dsc = Dpkg::Control->new(type => CTRL_PKG_SRC);
+    eval {
+        $dsc->load($path);
+        1;
+    } or return;
+
+    return $dsc;
+}
+
 my $c = Dpkg::Control::Info->new("$datadir/control-1");
 
 my $io = IO::String->new();
@@ -83,3 +98,24 @@ is(${$io->string_ref()},
 Depends: hello
 ', "Dump of second binary package of $datadir/control-1");
 
+# Check OpenPGP armored signatures in source control files
+
+my $dsc;
+
+$dsc = parse_dsc("$datadir/bogus-unsigned.dsc");
+is($dsc, undef, 'Unsigned .dsc w/ OpenPGP armor');
+
+$dsc = parse_dsc("$datadir/bogus-armor-trail.dsc");
+is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor trailer');
+
+$dsc = parse_dsc("$datadir/bogus-armor-double.dsc");
+ok(defined $dsc, 'Signed .dsc w/ two OpenPGP armor signatures');
+is($dsc->{Source}, 'pass', 'Signed spaced .dsc package name');
+
+$dsc = parse_dsc("$datadir/bogus-armor-spaces.dsc");
+ok(defined $dsc, 'Signed .dsc w/ spaced OpenPGP armor');
+is($dsc->{Source}, 'pass', 'Signed spaced .dsc package name');
+
+$dsc = parse_dsc("$datadir/bogus-armor-nested.dsc");
+ok(defined $dsc, 'Signed .dsc w/ nested OpenPGP armor');
+is($dsc->{Source}, 'pass', 'Signed nested .dsc package name');
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-double.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-double.dsc
new file mode 100644
index 0000000..1888a00
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-double.dsc
@@ -0,0 +1,13 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Source: pass
+
+-----BEGIN PGP SIGNATURE-----
+
+Valid signature here.
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNATURE-----
+
+Fake signature here.
+-----END PGP SIGNATURE-----
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-nested.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-nested.dsc
new file mode 100644
index 0000000..ca99c35
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-nested.dsc
@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+ 	 
+Source: pass
+  
+-----BEGIN PGP SIGNATURE-----
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Source: fail
+
+-----BEGIN PGP SIGNATURE-----
+
+Valid signature here.
+-----END PGP SIGNATURE-----
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-spaces.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-spaces.dsc
new file mode 100644
index 0000000..ab71ab5
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-spaces.dsc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNED MESSAGE-----    	
+Hash: SHA1
+ 	 
+Source: pass
+  
+-----BEGIN PGP SIGNATURE-----		  
+Version: GnuPG v1.4.12 (GNU/Linux)
+  
+Valid signature here.
+-----END PGP SIGNATURE-----
+
+Source: fail
+
+-----BEGIN PGP SIGNATURE
+Version: vim v7.3.547 (GNU/Linux)
+
+Fake signature here.
+-----END PGP SIGNATURE
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-trail.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-trail.dsc
new file mode 100644
index 0000000..90b00f1
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-trail.dsc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNED MESSAGE
+
+Source: fail
+
+-----BEGIN PGP SIGNATURE
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+Source: pass
+
+-----BEGIN PGP SIGNATURE-----   
+
+Valid signature here.
+-----END PGP SIGNATURE-----
diff --git a/scripts/t/700_Dpkg_Control/bogus-unsigned.dsc b/scripts/t/700_Dpkg_Control/bogus-unsigned.dsc
new file mode 100644
index 0000000..7573eb3
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-unsigned.dsc
@@ -0,0 +1,5 @@
+-----BEGIN PGP MESSAGE-----
+
+Source: fail
+
+-----END PGP MESSAGE-----

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list