author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2022-03-04 10:43:44 -0500 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2022-11-03 09:43:17 +0200 |
commit | 201cd279ec4ea743123d067cf31b04d76f86829e (patch) | |
tree | ea8e4cb2c8ce19980212d3eeac86fe34616d9f21 /rpmio | |
parent | ec13083f46a1efe8700925538b4f98dc45af93bc (diff) | |
download | rpm-201cd279ec4ea743123d067cf31b04d76f86829e.tar.gz |
Check packet types of signatures and public keys
pgpVerifySignature() should check that the provided signature is in fact
a signature, and that the provided key is in fact a public key. Otherwise,
a type confusion bug could result if something that is not a signature
or public key is passed. RPM itself never calls pgpVerifySignature()
without having checked the types so all calls in RPM are safe.
Diffstat (limited to 'rpmio')
-rw-r--r-- | rpmio/rpmpgp_internal.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c index e2615a22c..3ae6ebd9d 100644 --- a/rpmio/rpmpgp_internal.c +++ b/rpmio/rpmpgp_internal.c @@ -568,6 +568,11 @@ static int pgpCurveByOid(const uint8_t *p, int l) return 0; } +static int isKey(pgpDigParams keyp) +{ + return keyp->tag == PGPTAG_PUBLIC_KEY || keyp->tag == PGPTAG_PUBLIC_SUBKEY; +} + static int pgpPrtPubkeyParams(uint8_t pubkey_algo, const uint8_t *p, const uint8_t *h, size_t hlen, pgpDigParams keyp) @@ -586,9 +591,7 @@ static int pgpPrtPubkeyParams(uint8_t pubkey_algo, rc = processMpis(keyalg->mpis, keyalg, p, pend); /* We can't handle more than one key at a time */ - if (rc == 0 && keyp->alg == NULL && (keyp->tag == PGPTAG_PUBLIC_KEY || - keyp->tag == PGPTAG_PUBLIC_SUBKEY)) - + if (rc == 0 && keyp->alg == NULL && isKey(keyp)) keyp->alg = keyalg; else pgpDigAlgFree(keyalg); @@ -1124,6 +1127,9 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) if (sig == NULL || ctx == NULL) goto exit; + if (sig->tag != PGPTAG_SIGNATURE) + goto exit; + if (sig->hash != NULL) rpmDigestUpdate(ctx, sig->hash, sig->hashlen); @@ -1150,6 +1156,8 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) * done all we can, return NOKEY to indicate "looks okay but dunno." */ if (key && key->alg) { + if (!isKey(key)) + goto exit; pgpDigAlg sa = sig->alg; pgpDigAlg ka = key->alg; if (sa && sa->verify && sig->pubkey_algo == key->pubkey_algo) { |
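Review bot: The new `isKey()` helper in the first hunk dereferences `keyp` unconditionally, and nothing states that precondition. Both call sites in this diff satisfy it: `pgpPrtPubkeyParams()` reads `keyp->alg` in the same condition, and `pgpVerifySignature()` calls it inside `if (key && key->alg)`. A later caller could still pass NULL, so I would add `/* Non-zero if keyp is a public key or public subkey packet; keyp must not be NULL. */` above the definition.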
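Review bot: The `sig->tag != PGPTAG_SIGNATURE` check in the third hunk carries no comment, and the commit message says RPM's own callers already check types, so it could later be read as redundant and removed. A short why-comment would protect it, for example `/* Reject non-signature packets: callers outside RPM may not have checked the type */`. The result code returned via `exit` is set outside the hunk, so whether a caller can tell a type mismatch from a failed verification cannot be judged from here.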
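Review bot: In the last hunk the `isKey(key)` test runs only when `key->alg` is set, so a non-NULL `key` of the wrong packet type with a NULL `alg` skips it. Judging by the comment above the block, that case presumably ends in the NOKEY result rather than a rejection, though the else branch lies outside the hunk. Testing the type first would reject every non-key object the same way: `if (key && !isKey(key)) goto exit;` placed ahead of `if (key && key->alg) {`. That also avoids putting a statement before the `pgpDigAlg sa` and `ka` declarations inside the block. The body of `pgpVerifySignature()` starts and ends outside the hunk.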