Harden signature verification process
This mostly boils down to making sure control_started and data_started are consistently used to gate actions, instead of relying whether on file names start with a '.'. None of the weaknesses this fixes are exploitable, but they might have become so after changes to seemingly-unrelated code, so it's good to clean them up.cute-signatures
parent
093c4b8077
commit
d25e5e3879
|
@ -2388,7 +2388,19 @@ static int apk_db_install_archive_entry(void *_ctx,
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = 0;
|
/* Package metainfo and script processing */
|
||||||
|
if (ctx->sctx.control_started && !ctx->sctx.data_started) {
|
||||||
|
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
||||||
|
apk_blob_t l, token = APK_BLOB_STR("\n");
|
||||||
|
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
||||||
|
read_info_line(ctx, l);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (ae->name[0] == '.')
|
||||||
|
type = apk_script_type(&ae->name[1]);
|
||||||
|
if (type == APK_SCRIPT_INVALID)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Sanity check the file name */
|
/* Sanity check the file name */
|
||||||
if (ae->name[0] == '/' ||
|
if (ae->name[0] == '/' ||
|
||||||
|
@ -2402,20 +2414,6 @@ static int apk_db_install_archive_entry(void *_ctx,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Package metainfo and script processing */
|
|
||||||
if (ae->name[0] == '.') {
|
|
||||||
/* APK 2.0 format */
|
|
||||||
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
|
||||||
apk_blob_t l, token = APK_BLOB_STR("\n");
|
|
||||||
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
|
||||||
read_info_line(ctx, l);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
type = apk_script_type(&ae->name[1]);
|
|
||||||
if (type == APK_SCRIPT_INVALID)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Handle script */
|
/* Handle script */
|
||||||
if (type != APK_SCRIPT_INVALID) {
|
if (type != APK_SCRIPT_INVALID) {
|
||||||
apk_ipkg_add_script(ipkg, is, type, ae->size);
|
apk_ipkg_add_script(ipkg, is, type, ae->size);
|
||||||
|
|
|
@ -613,14 +613,16 @@ int apk_sign_ctx_parse_pkginfo_line(void *ctx, apk_blob_t line)
|
||||||
struct apk_sign_ctx *sctx = (struct apk_sign_ctx *) ctx;
|
struct apk_sign_ctx *sctx = (struct apk_sign_ctx *) ctx;
|
||||||
apk_blob_t l, r;
|
apk_blob_t l, r;
|
||||||
|
|
||||||
|
if (!sctx->control_started || sctx->data_started)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (line.ptr == NULL || line.len < 1 || line.ptr[0] == '#')
|
if (line.ptr == NULL || line.len < 1 || line.ptr[0] == '#')
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!apk_blob_split(line, APK_BLOB_STR(" = "), &l, &r))
|
if (!apk_blob_split(line, APK_BLOB_STR(" = "), &l, &r))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (sctx->data_started == 0 &&
|
if (apk_blob_compare(APK_BLOB_STR("datahash"), l) == 0) {
|
||||||
apk_blob_compare(APK_BLOB_STR("datahash"), l) == 0) {
|
|
||||||
sctx->has_data_checksum = 1;
|
sctx->has_data_checksum = 1;
|
||||||
sctx->md = EVP_sha256();
|
sctx->md = EVP_sha256();
|
||||||
apk_blob_pull_hexdump(
|
apk_blob_pull_hexdump(
|
||||||
|
@ -641,6 +643,9 @@ int apk_sign_ctx_verify_tar(void *sctx, const struct apk_file_info *fi,
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
if (!ctx->control_started || ctx->data_started)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (strcmp(fi->name, ".PKGINFO") == 0) {
|
if (strcmp(fi->name, ".PKGINFO") == 0) {
|
||||||
apk_blob_t l, token = APK_BLOB_STR("\n");
|
apk_blob_t l, token = APK_BLOB_STR("\n");
|
||||||
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
||||||
|
@ -891,13 +896,15 @@ static int read_info_entry(void *ctx, const struct apk_file_info *ae,
|
||||||
struct apk_package *pkg = ri->pkg;
|
struct apk_package *pkg = ri->pkg;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* Meta info and scripts */
|
|
||||||
r = apk_sign_ctx_process_file(ri->sctx, ae, is);
|
r = apk_sign_ctx_process_file(ri->sctx, ae, is);
|
||||||
if (r <= 0) return r;
|
if (r <= 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
if (!ri->sctx->control_started || ri->sctx->data_started)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (ae->name[0] == '.') {
|
|
||||||
/* APK 2.0 format */
|
|
||||||
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
if (strcmp(ae->name, ".PKGINFO") == 0) {
|
||||||
|
/* APK 2.0 format */
|
||||||
apk_blob_t l, token = APK_BLOB_STR("\n");
|
apk_blob_t l, token = APK_BLOB_STR("\n");
|
||||||
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token)))
|
||||||
read_info_line(ctx, l);
|
read_info_line(ctx, l);
|
||||||
|
@ -905,8 +912,6 @@ static int read_info_entry(void *ctx, const struct apk_file_info *ae,
|
||||||
apk_warning("Package '%s-%s' contains deprecated .INSTALL",
|
apk_warning("Package '%s-%s' contains deprecated .INSTALL",
|
||||||
pkg->name->name, pkg->version);
|
pkg->name->name, pkg->version);
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue