author | Panu Matilainen <pmatilai@redhat.com> | 2011-10-06 12:49:18 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2011-10-06 12:49:18 +0300 |
commit | 9718ede792cc2f4028f7aa5e17ec16a5cf0d7ea7 (patch) | |
tree | a7e2df5d2d8618ff02fc7d6bc2ffc3a60ca8dd2c | |
parent | d9932aa63ce12ad0eed3569256933498d7943b8a (diff) | |
Sanitize rpmVerifySignature() a bit
- Hash context is required for everything, require non-NULL ctx
in rpmVerifySignature() already
- pgpDig is only relevant for true signature, digest checking doesn't
need it - don't require dummy dig to be passed for digests.
- Treat unknown signatures as a case of bad parameters: we're the
only caller of rpmVerifySignature() so it'd be us screwing up if
we ask for unknown signature to be verified.
- Treat bad parameters as a hard failure instead of "not found",
bad parameters mean we cannot verify the signature which really
equals FAIL.
-rw-r--r-- | lib/signature.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/lib/signature.c b/lib/signature.c
index cfb59ec64..952537729 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -497,11 +497,10 @@ rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX ctx,
 {
 rpmRC res = RPMRC_NOTFOUND;
 char *msg = NULL;
+ int hdrsig = 0;
- if (sigtd->data == NULL || sigtd->count <= 0 || dig == NULL) {
- rasprintf(&msg, _("Verify signature: BAD PARAMETERS\n"));
+ if (sigtd->data == NULL || sigtd->count <= 0 || ctx == NULL)
 goto exit;
- }
 switch (sigtd->tag) {
 case RPMSIGTAG_MD5:
@@ -512,19 +511,26 @@ rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX ctx,
 break;
 case RPMSIGTAG_RSA:
 case RPMSIGTAG_DSA:
- res = verifySignature(keyring, dig, ctx, 1, &msg);
- break;
+ hdrsig = 1;
+ /* fallthrough */
 case RPMSIGTAG_PGP5: /* XXX legacy */
 case RPMSIGTAG_PGP:
 case RPMSIGTAG_GPG:
- res = verifySignature(keyring, dig, ctx, 0, &msg);
+ if (dig != NULL)
+ res = verifySignature(keyring, dig, ctx, hdrsig, &msg);
 break;
 default:
- rasprintf(&msg, _("Signature: UNKNOWN (%d)\n"), sigtd->tag);
 break;
 }
 exit:
+ if (res == RPMRC_NOTFOUND) {
+ rasprintf(&msg,
+ _("Verify signature: BAD PARAMETERS (%d %p %d %p %p)\n"),
+ sigtd->tag, sigtd->data, sigtd->count, ctx, dig);
+ res = RPMRC_FAIL;
+ }
+
 if (result) {
 *result = msg;
 } else { |
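Review bot: The new guard `if (sigtd->data == NULL || sigtd->count <= 0 || ctx == NULL)` changes the function's contract, and nothing in the patch documents the change: `dig` may now be NULL for digest tags, `ctx` must be non-NULL, and a bad call ends in a hard failure instead of "not found". The diffstat lists only lib/signature.c, so any API comment on the declaration presumably still describes the old behaviour. I would add `/* ctx is needed for every tag; dig only for real signatures, checked per tag below */` above the guard and bring the function's doc comment in line with it. The bare `goto exit;` now depends on the block added at `exit:` for both its message and its failure code, which deserves a short comment at the jump. The function body starts and ends outside this hunk.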
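Review bot: The `if (res == RPMRC_NOTFOUND)` block at `exit:` treats the initial value of `res` as proof that no verifier ran, which holds only if none of the helpers called from the switch can return RPMRC_NOTFOUND themselves; their bodies are outside this hunk, so that should be confirmed. If one can, its result is relabelled BAD PARAMETERS and the `msg` it allocated is overwritten by `rasprintf` and leaked. Failing closed is the right direction, but the invariant should be written down next to the check, e.g. `/* NOTFOUND here means nothing was verified; helpers must never return it */`. The message also formats `sigtd->data`, `ctx` and `dig` with `%p`, which puts process addresses into a string handed back to the caller; printing only whether each is NULL gives the same diagnostic value without exposing memory layout. The function continues past the end of this hunk.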