Add explicit message for unsupported binary signature

Verifying the content of Release.gpg made us fail on binary signatures
which were never officially supported (apt-secure manpage documents
only the generation of ASCII armored), but silently accepted by gpgv as
we passed it on unchecked before.

The binary format is complex and is itself split into old and new
formats so adding support for this would not only add lots of code but
also a good opportunity for bugs and dubious benefit.

Reporting this issue explicitly should help repository creators figure
out the problem faster than the default NODATA message hinting at
captive portals.

Given that the binary format has no file magic or any other clear and
simple indication that this is a detached signature we guess based on
the first two bits only – and by that only supporting the "old" binary
format which seems to be the only one generated by gnupg in this case.

References: e2965b0b6b
Closes: #921685
tags/devuan/2.0.1+devuan1
David Kalnischkies 1 year ago
parent
commit
3e3638dc93
2 changed files with 38 additions and 2 deletions
  1. +16
    -2
      apt-pkg/contrib/gpgv.cc
  2. +22
    -0
      test/integration/test-bug-921685-binary-detached-signature
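
The first-byte guess described in the commit message, written out as a stand-alone classifier. This is an added example, not apt code: the function and enum names are hypothetical, the sample bytes are constructed, and it goes one step beyond the commit by also reading the old-format packet tag (2 = Signature Packet in RFC 4880) and recognising the ASCII armor header.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Added illustration, not apt code; all names here are hypothetical.
enum class SigKind { Empty, AsciiArmored, OldBinarySignature, OldBinaryOther, NewBinary, NotOpenPGP };

// RFC 4880 section 4.2: bit 7 of the first octet is always set and bit 6
// selects the new packet format. In the old format bits 5-2 hold the packet
// tag (2 = Signature Packet) and bits 1-0 the length type.
SigKind classify_signature_header(unsigned char const *buf, std::size_t len)
{
   static char const armor[] = "-----BEGIN PGP SIGNATURE-----";
   if (len == 0)
      return SigKind::Empty;
   if (len >= sizeof(armor) - 1 && std::memcmp(buf, armor, sizeof(armor) - 1) == 0)
      return SigKind::AsciiArmored;
   unsigned char const ptag = buf[0];
   if ((ptag & 0x80) == 0)
      return SigKind::NotOpenPGP; // e.g. HTML served by a captive portal
   if ((ptag & 0x40) != 0)
      return SigKind::NewBinary;
   return ((ptag >> 2) & 0x0f) == 2 ? SigKind::OldBinarySignature : SigKind::OldBinaryOther;
}

// The two-bit guess from the commit message: true for both Old* kinds.
bool two_bit_guess(unsigned char first) { return (first & 0x80) != 0 && (first & 0x40) == 0; }

char const *kind_name(SigKind k)
{
   static char const *const names[] = {"empty", "ascii-armored", "old-format binary signature",
      "old-format binary, not a signature", "new-format binary", "not OpenPGP"};
   return names[static_cast<int>(k)];
}

int main()
{
   // Constructed first bytes, not taken from real signature files.
   unsigned char const samples[][3] = {{0x89, 0x01, 0x33}, {0x99, 0x01, 0x0d}, {0xc2, 0x5d, 0x04}, {'<', 'h', 't'}};
   for (auto const &s : samples)
      std::printf("0x%02x: %s (two-bit guess: %s)\n", s[0],
                  kind_name(classify_signature_header(s, sizeof(s))), two_bit_guess(s[0]) ? "binary" : "no");
   return 0;
}
```

The second sample (0x99, an old-format packet with tag 6) shows where the two-bit guess and the tag-aware check disagree.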

apt-pkg/contrib/gpgv.cc

@@ -297,10 +297,24 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
if (found_signatures == 0 && statusfd != -1)
{
// This is not an attack attempt but a file even gpgv would complain about
// likely the result of a paywall which is covered by the gpgv method
auto const errtag = "[GNUPG:] NODATA\n";
FileFd::Write(fd[1], errtag, strlen(errtag));
// guess if this is a binary signature, we never officially supported them,
// but silently accepted them via passing them unchecked to gpgv
if (found_badcontent)
{
rewind(detached.get());
auto ptag = fgetc(detached.get());
// §4.2 says that the first bit is always set and gpg seems to generate
// only old format which is indicated by the second bit not set
if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)
{
apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str());
local_exit(112);
}
}
// This is not an attack attempt but a file even gpgv would complain about
// likely the result of a paywall which is covered by the gpgv method
local_exit(113);
}
else if (found_badcontent)
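
Review bot: the condition `(ptag & 0x80) != 0 && (ptag & 0x40) == 0` matches any first byte in the range 0x80 to 0xBF, so a file that starts with some other old-format packet, or with arbitrary binary data in that range, is also reported as an "unsupported binary format" detached signature. Since the old format keeps the packet tag in bits 5-2, also requiring `((ptag >> 2) & 0xf) == 2` would restrict the message to signature packets at no real cost. The comment cites "§4.2" without naming the document; spelling out the RFC would make it easier to follow. It may also be worth a comment that the `[GNUPG:] NODATA` line has already been written to the status fd before this check runs, so consumers see both it and the new error.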


test/integration/test-bug-921685-binary-detached-signature

@@ -0,0 +1,22 @@
#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'

insertpackage 'unstable' 'foo' 'all' '1'

buildaptarchive
setupdistsaptarchive

for RELEASE in $(find aptarchive -name 'Release'); do
# note the missing --armor
dosigning "keys/joesixpack" --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
done

testfailure apt show foo
testfailure aptget update
testsuccess grep 'W: .* Detached signature file .* is in unsupported binary format' rootdir/tmp/testfailure.output
testfailure apt show foo
