From c8dbe9d10b621c46eac0565d515767c50597f4e8 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Tue, 12 Jun 2007 11:22:49 +0300 Subject: [PATCH] Skip packages/headers with non-verifiable signatures and treat them as errors (rhbz#239557) --- lib/package.c | 38 ++++++++++++++++++++------------------ lib/rpmchecksig.c | 7 ++++--- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/lib/package.c b/lib/package.c index db9cf56..e6e089e 100644 --- a/lib/package.c +++ b/lib/package.c @@ -542,11 +542,12 @@ verifyinfo_exit: /* Parse the parameters from the OpenPGP packets that will be needed. */ xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug())); if (dig->signature.version != 3 && dig->signature.version != 4) { - rpmMessage(RPMMESS_WARNING, - _("only V3 and V4 signatures can be verified, skipping V%u signature\n"), + rpmMessage(RPMMESS_ERROR, + _("skipping header with unverifiable V%u signature\n"), dig->signature.version); rpmtsCleanDig(ts); - goto verifyinfo_exit; + rc = RPMRC_FAIL; + goto exit; } ildl[0] = htonl(ril); @@ -582,11 +583,12 @@ verifyinfo_exit: /* Parse the parameters from the OpenPGP packets that will be needed. */ xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug())); if (dig->signature.version != 3 && dig->signature.version != 4) { - rpmMessage(RPMMESS_WARNING, - _("only V3 and V4 signatures can be verified, skipping V%u signature\n"), + rpmMessage(RPMMESS_ERROR, + _("skipping header with unverifiable V%u signature\n"), dig->signature.version); rpmtsCleanDig(ts); - goto verifyinfo_exit; + rc = RPMRC_FAIL; + goto exit; } /*@fallthrough@*/ case RPMTAG_SHA1HEADER: @@ -916,10 +918,10 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) /* Parse the parameters from the OpenPGP packets that will be needed. */ xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); if (dig->signature.version != 3 && dig->signature.version != 4) { - rpmMessage(RPMMESS_WARNING, - _("only V3 and V4 signatures can be verified, skipping V%u signature\n"), - dig->signature.version); - rc = RPMRC_OK; /* XXX return header w/o verify */ + rpmMessage(RPMMESS_ERROR, + _("skipping package %s with unverifiable V%u signature\n"), + fn, dig->signature.version); + rc = RPMRC_FAIL; goto exit; } { void * uh = NULL; @@ -942,10 +944,10 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) /* Parse the parameters from the OpenPGP packets that will be needed. */ xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); if (dig->signature.version != 3 && dig->signature.version != 4) { - rpmMessage(RPMMESS_WARNING, - _("only V3 and V4 signatures can be verified, skipping V%u signature\n"), - dig->signature.version); - rc = RPMRC_OK; /* XXX return header w/o verify */ + rpmMessage(RPMMESS_ERROR, + _("skipping package %s with unverifiable V%u signature\n"), + fn, dig->signature.version); + rc = RPMRC_FAIL; goto exit; } /*@fallthrough@*/ @@ -974,10 +976,10 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); if (dig->signature.version != 3 && dig->signature.version != 4) { - rpmMessage(RPMMESS_WARNING, - _("only V3 and V4 signatures can be verified, skipping V%u signature\n"), - dig->signature.version); - rc = RPMRC_OK; /* XXX return header w/o verify */ + rpmMessage(RPMMESS_ERROR, + _("skipping package %s with unverifiable V%u signature\n"), + fn, dig->signature.version); + rc = RPMRC_FAIL; goto exit; } /*@fallthrough@*/ diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index c587fca..552ebb5 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -862,9 +862,10 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, if (sigp->version != 3 && sigp->version != 4) { rpmError(RPMERR_SIGVFY, - _("only V3 or V4 signatures can be verified, skipping V%u signature\n"), - sigp->version); - continue; + _("skipping package %s with unverifiable V%u signature\n"), + fn, sigp->version); + res++; + goto exit; } /*@switchbreak@*/ break; case RPMSIGTAG_SHA1: -- 2.7.4