[Reproducible-commits] [dpkg] 05/10: Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing

Holger Levsen holger at layer-acht.org
Tue May 3 08:44:18 UTC 2016



holger pushed a commit to annotated tag 1.17.25
in repository dpkg.

commit b4ccfe4982161b8beb44f1d0c98f791c4f238edd
Author: Guillem Jover <guillem at debian.org>
Date:   Thu Mar 19 22:51:46 2015 +0100

    Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing
    
    We should only accept [\r\t ] as trailing whitespace. Although RFC4880
    does not clarify what whitespace really maps to, we should match the
    GnuPG implementation anyway, as that is what we use to verify the
    signatures.
    
    Fixes: CVE-2015-0840
    Reported-by: Jann Horn <jann at thejh.net>
---
 debian/changelog                                |  5 +++++
 scripts/Dpkg/Control/HashCore.pm                | 19 +++++++++++--------
 scripts/Makefile.am                             |  1 +
 scripts/t/Dpkg_Control.t                        |  5 ++++-
 scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc | 19 +++++++++++++++++++
 5 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c53b757..4896319 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,11 @@ dpkg (1.17.25) UNRELEASED; urgency=low
   [ Guillem Jover ]
   * Do not leak kvm descriptors in start-stop-daemon on GNU/kFreeBSD systems.
     Based on a patch by Jeff Epler <jepler at unpythonic.net>. Closes: #779467
+  * Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
+    only accept [\r\t ] as trailing whitespace, although RFC4880 does not
+    clarify what whitespace really maps to, we should really match the GnuPG
+    implementation anyway, as that's what we use to verify the signatures.
+    Reported by Jann Horn <jann at thejh.net>. Fixes CVE-2015-0840.
 
   [ Updated programs translations ]
   * Dutch (Frans Spiesschaert). Closes: #779953
diff --git a/scripts/Dpkg/Control/HashCore.pm b/scripts/Dpkg/Control/HashCore.pm
index 23d7fd0..d9e0373 100644
--- a/scripts/Dpkg/Control/HashCore.pm
+++ b/scripts/Dpkg/Control/HashCore.pm
@@ -196,8 +196,8 @@ sub parse {
     local $_;
 
     while (<$fh>) {
-	s/\s*\n$//;
-	next if length == 0 and $paraborder;
+	chomp;
+	next if m/^\s*$/ and $paraborder;
 	next if (m/^#/);
 	$paraborder = 0;
 	if (m/^(\S+?)\s*:\s*(.*)$/) {
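Review bot: The switch to a bare `chomp` at the top of the read loop deserves a why-comment, because `\r` and `\f` now survive into `$_` and a later reader may be tempted to restore the broader `s/\s*\n$//`, which would reopen the armor-line problem this commit fixes. Something like `# Strip only the newline; trailing whitespace is removed per field below so the OpenPGP armor checks see the line exactly as GnuPG does.` would record the intent. The enclosing sub parse starts before and ends after this hunk.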
@@ -211,6 +211,7 @@ sub parse {
 		    $self->parse_error($desc, _g('duplicate field %s found'), $name);
 		}
 	    }
+	    $value =~ s/\s*$//;
 	    $self->{$name} = $value;
 	    $cf = $name;
 	} elsif (m/^\s(\s*\S.*)$/) {
@@ -221,8 +222,9 @@ sub parse {
 	    if ($line =~ /^\.+$/) {
 		$line = substr $line, 1;
 	    }
+	    $line =~ s/\s*$//;
 	    $self->{$cf} .= "\n$line";
-	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
+	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----[\r\t ]*$/) {
 	    $expect_pgp_sig = 1;
 	    if ($$self->{allow_pgp} and not $parabody) {
 		# Skip OpenPGP headers
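Review bot: The new armor match `m/^-----BEGIN PGP SIGNED MESSAGE-----[\r\t ]*$/` relies on `$`, which without `/m` also matches before a final "\n", so the intended "nothing but optional [\r\t ] to end of line" reading holds only because `chomp` ran first; the same applies to the BEGIN and END PGP SIGNATURE checks in the two later hunks of this file. Anchoring with `\z`, i.e. `m/^-----BEGIN PGP SIGNED MESSAGE-----[\r\t ]*\z/`, makes the check independent of that ordering. A short comment above the first of these lines, such as `# Only [\r\t ] may trail an armor line; this mirrors what GnuPG accepts, and GnuPG is what verifies the signature.`, would explain why the class is deliberately narrower than `\s`. The enclosing sub parse starts and ends outside the hunk.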
@@ -232,7 +234,8 @@ sub parse {
 	    } else {
 		$self->parse_error($desc, _g('OpenPGP signature not allowed here'));
 	    }
-	} elsif (length == 0 || ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----$/)) {
+	} elsif (m/^\s*$/ ||
+	         ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/)) {
 	    if ($expect_pgp_sig) {
 		# Skip empty lines
 		$_ = <$fh> while defined && m/^\s*$/;
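Review bot: The blank-line tests in this hunk, `m/^\s*$/` in the new elsif and in the skip loop two lines below, still use `\s`, which in Perl also matches form feed and vertical tab, while the armor line they lead into accepts only `[\r\t ]`. Whether GnuPG treats a line holding only `\f` as a blank separator is not visible here, so the difference may well be intended; if the goal is to track its behaviour line for line, `m/^[\r\t ]*$/` would keep both checks consistent, and either way a one-line comment stating which reading was chosen would stop the next reader from "fixing" it. The enclosing sub parse starts and ends outside the hunk.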
@@ -240,15 +243,15 @@ sub parse {
 		    $self->parse_error($desc, _g('expected OpenPGP signature, ' .
 		                                 'found EOF after blank line'));
 		}
-		s/\s*\n$//;
-		unless (m/^-----BEGIN PGP SIGNATURE-----$/) {
+		chomp;
+		unless (m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/) {
 		    $self->parse_error($desc, _g('expected OpenPGP signature, ' .
 		                                 "found something else \`%s'"), $_);
                 }
 		# Skip OpenPGP signature
 		while (<$fh>) {
-		    s/\s*\n$//;
-		    last if m/^-----END PGP SIGNATURE-----$/;
+		    chomp;
+		    last if m/^-----END PGP SIGNATURE-----[\r\t ]*$/;
 		}
 		unless (defined) {
 		    $self->parse_error($desc, _g('unfinished OpenPGP signature'));
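Review bot: After the `chomp` in this hunk, `$_` is passed unchanged as the `%s` argument of the "found something else" parse error two lines below, so a `\r`, `\f` or other control byte on the rejected line is now copied verbatim into the diagnostic, whereas the old `s/\s*\n$//` at least dropped a trailing `\r`. Escaping non-printable bytes before handing the line to parse_error, or a comment stating that the raw line is echoed on purpose, would keep the message readable in build logs. The enclosing sub parse ends outside the hunk.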
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 8ffae3a..dd18d92 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -272,6 +272,7 @@ test_data = \
 	t/Dpkg_Control/control-1 \
 	t/Dpkg_Control/bogus-unsigned.dsc \
 	t/Dpkg_Control/bogus-armor-double.dsc \
+	t/Dpkg_Control/bogus-armor-formfeed.dsc \
 	t/Dpkg_Control/bogus-armor-no-sig.dsc \
 	t/Dpkg_Control/bogus-armor-trail.dsc \
 	t/Dpkg_Control/bogus-armor-inline.dsc \
diff --git a/scripts/t/Dpkg_Control.t b/scripts/t/Dpkg_Control.t
index 6f949c3..1507678 100644
--- a/scripts/t/Dpkg_Control.t
+++ b/scripts/t/Dpkg_Control.t
@@ -16,7 +16,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 23;
+use Test::More tests => 24;
 use IO::String;
 
 BEGIN {
@@ -120,6 +120,9 @@ is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor trailer');
 $dsc = parse_dsc("$datadir/bogus-armor-inline.dsc");
 is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP inline armor');
 
+$dsc = parse_dsc("$datadir/bogus-armor-formfeed.dsc");
+is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor line');
+
 $dsc = parse_dsc("$datadir/bogus-armor-double.dsc");
 ok(defined $dsc, 'Signed .dsc w/ two OpenPGP armor signatures');
 is($dsc->{Source}, 'pass', 'Signed spaced .dsc package name');
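Review bot: The new assertion's description, `'Signed .dsc w/ bogus OpenPGP armor line'`, does not say what is bogus about the line, unlike its neighbours (trailer, inline, double). Naming the trigger, e.g. `is($dsc, undef, 'Signed .dsc w/ bogus OpenPGP armor line (form feed)');`, makes a failure report self-explanatory; the fixture name carries it, so this is only a readability point.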
diff --git a/scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc b/scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc
new file mode 100644
index 0000000..70aab18
--- /dev/null
+++ b/scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc
@@ -0,0 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----

+
+Source: fail
+
+-----BEGIN PGP SIGNATURE-----

+Version: vim v7.3.547 (GNU/Linux)
+
+Fake signature here.
+-----END PGP SIGNATURE-----

+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Source: pass
+
+-----BEGIN PGP SIGNATURE
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+Valid signature here.
+-----END PGP SIGNATURE-----
