[Reproducible-commits] [dpkg] 22/25: Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing
Holger Levsen
holger at layer-acht.org
Tue May 3 08:43:55 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to annotated tag 1.16.16
in repository dpkg.
commit c49d104601b673c11c981dc9b6d8247e6da64edd
Author: Guillem Jover <guillem at debian.org>
Date: Thu Mar 19 22:51:46 2015 +0100
Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing
We should only accept [\r\t ] as trailing whitespace, although RFC4880
does not clarify what whitespace really maps to, we should really match
the GnuPG implementation anyway, as that is what we use to verify the
signatures.
Fixes: CVE-2015-0840
Reported-by: Jann Horn <jann at thejh.net>
---
debian/changelog | 5 ++++
scripts/Dpkg/Control/Hash.pm | 28 ++++++++++++----------
scripts/Makefile.am | 1 +
scripts/t/700_Dpkg_Control.t | 5 +++-
.../t/700_Dpkg_Control/bogus-armor-formfeed.dsc | 19 +++++++++++++++
5 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 59c9250..1d1db7b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,6 +35,11 @@ dpkg (1.16.15+nmu1) UNRELEASED; urgency=low
names or checking package ownership of conffiles and directories.
Reported by Joshua Rogers <megamansec at gmail.com>.
* Add powerpcel support to cputable. Thanks to Jae Junh <jaejunh at embian.com>.
+ * Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
+ only accept [\r\t ] as trailing whitespace, although RFC4880 does not
+ clarify what whitespace really maps to, we should really match the GnuPG
+ implementation anyway, as that's what we use to verify the signatures.
+ Reported by Jann Horn <jann at thejh.net>. Fixes CVE-2015-0840.
[ Updated scripts translations ]
* Fix typos in German (Helge Kreutzmann)
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index b142876..a21b75d 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -175,19 +175,21 @@ sub parse {
my $pgp_signed = 0;
while (<$fh>) {
- s/\s*\n$//;
- next if (m/^$/ and $paraborder);
+ chomp;
+ next if m/^\s*$/ and $paraborder;
next if (m/^#/);
$paraborder = 0;
if (m/^(\S+?)\s*:\s*(.*)$/) {
$parabody = 1;
- if (exists $self->{$1}) {
+ my ($name, $value) = ($1, $2);
+ if (exists $self->{$name}) {
unless ($$self->{'allow_duplicate'}) {
- syntaxerr($desc, sprintf(_g("duplicate field %s found"), $1));
+ syntaxerr($desc, sprintf(_g("duplicate field %s found"), $name));
}
}
- $self->{$1} = $2;
- $cf = $1;
+ $value =~ s/\s*$//;
+ $self->{$name} = $value;
+ $cf = $name;
} elsif (m/^\s(\s*\S.*)$/) {
my $line = $1;
unless (defined($cf)) {
@@ -196,8 +198,9 @@ sub parse {
if ($line =~ /^\.+$/) {
$line = substr $line, 1;
}
+ $line =~ s/\s*$//;
$self->{$cf} .= "\n$line";
- } elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
+ } elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----[\r\t ]*$/) {
$expect_pgp_sig = 1;
if ($$self->{'allow_pgp'} and not $parabody) {
# Skip PGP headers
@@ -207,22 +210,23 @@ sub parse {
} else {
syntaxerr($desc, _g("PGP signature not allowed here"));
}
- } elsif (m/^$/ || ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----$/)) {
+ } elsif (m/^\s*$/ ||
+ ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/)) {
if ($expect_pgp_sig) {
# Skip empty lines
$_ = <$fh> while defined($_) && $_ =~ /^\s*$/;
length($_) ||
syntaxerr($desc, _g("expected PGP signature, found EOF " .
"after blank line"));
- s/\s*\n$//;
- unless (m/^-----BEGIN PGP SIGNATURE-----$/) {
+ chomp;
+ unless (m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/) {
syntaxerr($desc, sprintf(_g("expected PGP signature, " .
"found something else \`%s'"), $_));
}
# Skip PGP signature
while (<$fh>) {
- s/\s*\n$//;
- last if m/^-----END PGP SIGNATURE-----$/;
+ chomp;
+ last if m/^-----END PGP SIGNATURE-----[\r\t ]*$/;
}
unless (defined($_)) {
syntaxerr($desc, _g("unfinished PGP signature"));
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 16760d2..8e7ef93 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -238,6 +238,7 @@ test_data = \
t/700_Dpkg_Control/control-1 \
t/700_Dpkg_Control/bogus-unsigned.dsc \
t/700_Dpkg_Control/bogus-armor-double.dsc \
+ t/700_Dpkg_Control/bogus-armor-formfeed.dsc \
t/700_Dpkg_Control/bogus-armor-no-sig.dsc \
t/700_Dpkg_Control/bogus-armor-trail.dsc \
t/700_Dpkg_Control/bogus-armor-inline.dsc \
diff --git a/scripts/t/700_Dpkg_Control.t b/scripts/t/700_Dpkg_Control.t
index 074e084..2331b10 100644
--- a/scripts/t/700_Dpkg_Control.t
+++ b/scripts/t/700_Dpkg_Control.t
@@ -13,7 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-use Test::More tests => 22;
+use Test::More tests => 23;
use strict;
use warnings;
@@ -118,6 +118,9 @@ is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor trailer');
$dsc = parse_dsc("$datadir/bogus-armor-inline.dsc");
is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP inline armor');
+$dsc = parse_dsc("$datadir/bogus-armor-formfeed.dsc");
+is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor line');
+
$dsc = parse_dsc("$datadir/bogus-armor-double.dsc");
ok(defined $dsc, 'Signed .dsc w/ two OpenPGP armor signatures');
is($dsc->{Source}, 'pass', 'Signed spaced .dsc package name');
diff --git a/scripts/t/700_Dpkg_Control/bogus-armor-formfeed.dsc b/scripts/t/700_Dpkg_Control/bogus-armor-formfeed.dsc
new file mode 100644
index 0000000..70aab18
--- /dev/null
+++ b/scripts/t/700_Dpkg_Control/bogus-armor-formfeed.dsc
@@ -0,0 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Source: fail
+
+-----BEGIN PGP SIGNATURE-----
+Version: vim v7.3.547 (GNU/Linux)
+
+Fake signature here.
+-----END PGP SIGNATURE-----
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Source: pass
+
+-----BEGIN PGP SIGNATURE
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+Valid signature here.
+-----END PGP SIGNATURE-----
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list