diff options
-rw-r--r-- | lib/rpmvs.c | 14 | ||||
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rw-r--r-- | tests/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm | bin | 0 -> 3216 bytes | |||
-rw-r--r-- | tests/rpmsigdig.at | 40 |
4 files changed, 52 insertions, 3 deletions
diff --git a/lib/rpmvs.c b/lib/rpmvs.c index 20a3e28a2..88f2b200f 100644 --- a/lib/rpmvs.c +++ b/lib/rpmvs.c @@ -451,7 +451,7 @@ int rpmvsVerify(struct rpmvs_s *sis, int type, { int failed = 0; int cont = 1; - int range = 0; + int range = 0, vfylevel = sis->vfylevel; int verified[3] = { 0, 0, 0 }; /* sort for consistency and rough "better comes first" semantics*/ @@ -478,6 +478,14 @@ int rpmvsVerify(struct rpmvs_s *sis, int type, } } + /* Unconditionally reject partially signed packages */ + if (verified[RPMSIG_SIGNATURE_TYPE]) + vfylevel |= RPMSIG_SIGNATURE_TYPE; + + /* Cannot verify payload if RPMVSF_NEEDPAYLOAD is set */ + if (sis->vsflags & RPMVSF_NEEDPAYLOAD) + range &= ~RPMSIG_PAYLOAD; + for (int i = 0; i < sis->nsigs && cont; i++) { struct rpmsinfo_s *sinfo = &sis->sigs[i]; int strength = (sinfo->type | sinfo->strength); @@ -490,11 +498,11 @@ int rpmvsVerify(struct rpmvs_s *sis, int type, sinfo->rc = RPMRC_NOTFOUND; } - if (sis->vfylevel & strength & RPMSIG_DIGEST_TYPE) { + if (vfylevel & strength & RPMSIG_DIGEST_TYPE) { int missing = (range & ~verified[RPMSIG_DIGEST_TYPE]); required |= (missing & sinfo->range); } - if (sis->vfylevel & strength & RPMSIG_SIGNATURE_TYPE) { + if (vfylevel & strength & RPMSIG_SIGNATURE_TYPE) { int missing = (range & ~verified[RPMSIG_SIGNATURE_TYPE]); required |= (missing & sinfo->range); } diff --git a/tests/Makefile.am b/tests/Makefile.am index 0840075fb..c66e801da 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -103,6 +103,7 @@ EXTRA_DIST += data/RPMS/hello-2.0-1.x86_64.rpm EXTRA_DIST += data/RPMS/hello-2.0-1.x86_64-signed.rpm EXTRA_DIST += data/RPMS/hlinktest-1.0-1.noarch.rpm EXTRA_DIST += data/RPMS/imatest-1.0-1.fc34.noarch.rpm +EXTRA_DIST += data/RPMS/hello-2.0-1.x86_64-corrupted.rpm EXTRA_DIST += data/SRPMS/foo-1.0-1.src.rpm EXTRA_DIST += data/SRPMS/hello-1.0-1.src.rpm EXTRA_DIST += data/SOURCES/hello.c diff --git a/tests/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm b/tests/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm Binary files differnew file mode 100644 index 000000000..2a6173ba0 --- /dev/null +++ b/tests/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index d60c58869..f8373c640 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -445,12 +445,52 @@ runroot rpmkeys -Kv /tmp/${pkg} Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD + DSA signature: NOTFOUND MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) ], []) AT_CLEANUP # ------------------------------ +# Test pre-built corrupted package verification (corrupted payload) +AT_SETUP([rpmkeys -Kv <corrupted signed> 4]) +AT_KEYWORDS([rpmkeys digest signature]) +AT_CHECK([ +RPMDB_INIT[( + +dorpm () { + runroot rpmkeys --define '_pkgverify_level digest' \ + --define '_pkgverify_flags 0x10000' "$1" \ + /data/RPMS/hello-2.0-1.x86_64-corrupted.rpm + [ "$?" -eq 1 ] || exit 1 +} + +dorpm -K +dorpm -Kv +runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub +dorpm -K +dorpm -Kv +)]], +[0], +[[/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: digests SIGNATURES NOT OK +/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: + Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY + Header SHA256 digest: OK + MD5 digest: OK +/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: DIGESTS SIGNATURES NOT OK +/data/RPMS/hello-2.0-1.x86_64-corrupted.rpm: + Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK + Header SHA256 digest: OK + Payload SHA256 digest: NOTFOUND + Payload SHA256 ALT digest: NOTFOUND + RSA signature: NOTFOUND + DSA signature: NOTFOUND + MD5 digest: OK +]], +[]) +AT_CLEANUP + +# ------------------------------ # Test --addsign AT_SETUP([rpmsign --addsign]) AT_KEYWORDS([rpmsign signature]) |