[Reproducible-commits] [dpkg] 05/08: Dpkg::Control::Hash: Do not accept Armor Header Lines inside a paragraph

Holger Levsen holger at layer-acht.org
Tue May 3 08:43:21 UTC 2016


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.15.12
in repository dpkg.

commit 06028473a921c12e96440a59d49d67514062d2d2
Author: Guillem Jover <guillem at debian.org>
Date:   Sun Dec 23 03:03:44 2012 +0100

    Dpkg::Control::Hash: Do not accept Armor Header Lines inside a paragraph
    
    Cherry picked from commit afe626640a81a0191b06e2f4ae16eb2bd1b228c3.
    
    Make sure that no fields are injected before a signed block.
    
    Note that the only possible attack is to add fields not present in the
    signed block, as otherwise a syntax error due to a duplicate field is
    triggered.
    
    Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
    Signed-off-by: Guillem Jover <guillem at debian.org>
---
 debian/changelog                                  | 1 +
 scripts/Dpkg/Control/Hash.pm                      | 4 +++-
 scripts/Makefile.am                               | 1 +
 scripts/t/700_Dpkg_Control.t                      | 5 ++++-
 scripts/t/700_Dpkg_Control/bogus-armor-inline.dsc | 9 +++++++++
 5 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 93d614f..bad3289 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ dpkg (1.15.12) UNRELEASED; urgency=high
   * Fix OpenPGP armored signature parsing, to be resilient against doctored
     input, including source package control files. Closes: #695919
   * Make sure the OpenGPG armor contains a signature block, even on EOF.
+  * Do not accept Armor Header Lines inside a paragraph.
 
  -- Guillem Jover <guillem at debian.org>  Fri, 01 May 2015 22:02:43 +0200
 
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index 0ad19c8..c5f6537 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -159,6 +159,7 @@ sub parse {
     my ($self, $fh, $desc) = @_;
 
     my $paraborder = 1;
+    my $parabody = 0;
     my $cf; # Current field
     my $expect_pgp_sig = 0;
     my $pgp_signed = 0;
@@ -169,6 +170,7 @@ sub parse {
 	next if (m/^#/);
 	$paraborder = 0;
 	if (m/^(\S+?)\s*:\s*(.*)$/) {
+	    $parabody = 1;
 	    if (exists $self->{$1}) {
 		unless ($$self->{'allow_duplicate'}) {
 		    syntaxerr($desc, sprintf(_g("duplicate field %s found"), $1));
@@ -187,7 +189,7 @@ sub parse {
 	    $self->{$cf} .= "\n$line";
 	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
 	    $expect_pgp_sig = 1;
-	    if ($$self->{'allow_pgp'}) {
+	    if ($$self->{'allow_pgp'} and not $parabody) {
 		# Skip PGP headers
 		while (<$fh>) {
 		    last if m/^\s*$/;
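Review bot: The new `and not $parabody` condition on the `if` carries no comment, so a reader tracing `$parabody` back to the field-match branch in the earlier hunk will not see that it exists to stop unsigned fields from preceding a signed block; add `# Reject an armor header once a field has been seen: fields before it would escape the signed block` above the `if`. Note that `$expect_pgp_sig = 1;` is still set before the check, so whichever branch handles the rejected case (it lies outside the hunk) has to ensure parsing does not continue as if a signature were pending; if that branch reports a syntax error worded only around signatures not being allowed, the message will be misleading for this armor-position case and should mention it. The body of parse continues outside the hunk.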
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 738cbe3..ccabf56 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -233,6 +233,7 @@ test_data = \
 	t/700_Dpkg_Control/bogus-armor-double.dsc \
 	t/700_Dpkg_Control/bogus-armor-no-sig.dsc \
 	t/700_Dpkg_Control/bogus-armor-trail.dsc \
+	t/700_Dpkg_Control/bogus-armor-inline.dsc \
 	t/700_Dpkg_Control/bogus-armor-nested.dsc \
 	t/700_Dpkg_Control/bogus-armor-spaces.dsc \
 	t/750_Dpkg_Substvars/substvars1 \
diff --git a/scripts/t/700_Dpkg_Control.t b/scripts/t/700_Dpkg_Control.t
index 1597d93..8bd7abb 100644
--- a/scripts/t/700_Dpkg_Control.t
+++ b/scripts/t/700_Dpkg_Control.t
@@ -13,7 +13,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-use Test::More tests => 21;
+use Test::More tests => 22;
 
 use strict;
 use warnings;
@@ -111,6 +111,9 @@ is($dsc, undef, 'Signed .dsc w/ OpenPGP armor missing signature');
 $dsc = parse_dsc("$datadir/bogus-armor-trail.dsc");
 is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor trailer');
 
+$dsc = parse_dsc("$datadir/bogus-armor-inline.dsc");
+is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP inline armor');
+
 $dsc = parse_dsc("$datadir/bogus-armor-double.dsc");
 ok(defined $dsc, 'Signed .dsc w/ two OpenPGP armor signatures');
 is($dsc->{Source}, 'pass', 'Signed spaced .dsc package name');
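Review bot: The added `is($dsc, undef, ...)` at the new test passes for any parse failure, so it cannot distinguish the inline-armor rejection from an unrelated syntax error in the fixture. If `parse_dsc` (defined outside the hunk) exposes the error text, also assert on it, e.g. `like($@, qr/PGP/, 'inline armor rejected for the right reason');`, with the pattern adjusted to the message the parser actually emits.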
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-inline.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-inline.dsc
new file mode 100644
index 0000000..44942c1
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-inline.dsc
@@ -0,0 +1,9 @@
+Source: fail
+-----BEGIN PGP SIGNED MESSAGE-----
+    
+Binary: pass
+    
+-----BEGIN PGP SIGNATURE-----
+
+Valid signature here.
+-----END PGP SIGNATURE-----
