diff options
author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2022-03-04 10:43:44 -0500 |
---|---|---|
committer | Michal Domonkos <mdomonko@redhat.com> | 2023-03-13 15:32:25 +0100 |
commit | fddc2def8ad043ba578d7d264e9ad155a02a3fc7 (patch) | |
tree | df2a7d8f6e27741f62cbff0d0b95255105f07d06 | |
parent | 1423ff3b43b12da7fef8c3fc82f0e47af2ff9122 (diff) | |
download | rpm-fddc2def8ad043ba578d7d264e9ad155a02a3fc7.tar.gz |
Check packet types of signatures and public keys
pgpVerifySignature() should check that the provided signature is in fact
a signature, and that provided key is in fact a public key. Otherwise,
a type confusion bug could result if something that is not a signature
or public key is passed. RPM itself never calls pgpVerifySignature()
without having checked the types so all calls in RPM are safe.
(cherry picked from commit 201cd279ec4ea743123d067cf31b04d76f86829e)
-rw-r--r-- | rpmio/rpmpgp_internal.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c index 964c5fe57..34e03593f 100644 --- a/rpmio/rpmpgp_internal.c +++ b/rpmio/rpmpgp_internal.c @@ -576,6 +576,11 @@ static int pgpCurveByOid(const uint8_t *p, int l) return 0; } +static int isKey(pgpDigParams keyp) +{ + return keyp->tag == PGPTAG_PUBLIC_KEY || keyp->tag == PGPTAG_PUBLIC_SUBKEY; +} + static int pgpPrtPubkeyParams(uint8_t pubkey_algo, const uint8_t *p, const uint8_t *h, size_t hlen, pgpDigParams keyp) @@ -594,9 +599,7 @@ static int pgpPrtPubkeyParams(uint8_t pubkey_algo, rc = processMpis(keyalg->mpis, keyalg, p, pend); /* We can't handle more than one key at a time */ - if (rc == 0 && keyp->alg == NULL && (keyp->tag == PGPTAG_PUBLIC_KEY || - keyp->tag == PGPTAG_PUBLIC_SUBKEY)) - + if (rc == 0 && keyp->alg == NULL && isKey(keyp)) keyp->alg = keyalg; else pgpDigAlgFree(keyalg); @@ -1200,6 +1203,9 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) if (sig == NULL || ctx == NULL) goto exit; + if (sig->tag != PGPTAG_SIGNATURE) + goto exit; + if (sig->hash != NULL) rpmDigestUpdate(ctx, sig->hash, sig->hashlen); @@ -1226,6 +1232,8 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) * done all we can, return NOKEY to indicate "looks okay but dunno." */ if (key && key->alg) { + if (!isKey(key)) + goto exit; pgpDigAlg sa = sig->alg; pgpDigAlg ka = key->alg; if (sa && sa->verify && sig->pubkey_algo == key->pubkey_algo) { |