apt-pkg/acquire-item.cc: Reject files known to be invalid (LP: #346386) (Closes:...

This commit deals with the following cases:

  - First section of index file (Packages,Sources,Translation) without Package field
  - Signed release files without GPG data (NODATA)
  - i18n/Index files without hash sums

Handling unsigned Release files is more complicated, and the example code
using indexRecords is disabled as it can reject correct Release files
without hashes. How we can reliably check unsigned Release files is
another question, and not urgent anyway, as it should have no
dramatic effect (we could check that it is a valid RFC-822 section,
but that's a bit too long to write)

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6785b4e1be9413d1d80787fa340cbed4f5e0ec82..6df915d8eeea893e4ee5df6464bf83fb6e2ed822 100644 (file)
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -271,6 +271,14 @@ void pkgAcqSubIndex::Done(string Message,unsigned long Size,string Md5Hash,        /*{{
 
    string FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(Desc.URI);
 
+   /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #195301) */
+   indexRecords SubIndexParser;
+   if (FileExists(DestFile) == true && !SubIndexParser.Load(DestFile)) {
+      Status = StatError;
+      ErrorText = SubIndexParser.ErrorText;
+      return;
+   }
+
    // sucess in downloading the index
    // rename the index
    if(Debug)
@@ -894,6 +902,27 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash,
         ReportMirrorFailure("HashChecksumFailure");
          return;
       }
+
+      /* Verify the index file for correctness (all indexes must
+       * have a Package field) (LP: #346386) (Closes: #195301) */
+      {
+        FileFd fd(DestFile, FileFd::ReadOnly);
+        pkgTagSection sec;
+        pkgTagFile tag(&fd);
+
+        if (_error->PendingError() || !tag.Step(sec)) {
+           Status = StatError;
+           _error->DumpErrors();
+           Rename(DestFile,DestFile + ".FAILED");
+           return;
+        } else if (!sec.Exists("Package")) {
+           Status = StatError;
+           ErrorText = ("Encountered a section with no Package: header");
+           Rename(DestFile,DestFile + ".FAILED");
+           return;
+        }
+      }
+       
       // Done, move it into position
       string FinalFile = _config->FindDir("Dir::State::lists");
       FinalFile += URItoFileName(RealURI);
@@ -1330,6 +1359,16 @@ void pkgAcqMetaIndex::AuthDone(string Message)                           /*{{{*/
                                                                        /*}}}*/
 void pkgAcqMetaIndex::QueueIndexes(bool verify)                                /*{{{*/
 {
+#if 0
+   /* Reject invalid, existing Release files (LP: #346386) (Closes: #195301)
+    * FIXME: Disabled; it breaks unsigned repositories without hashes */
+   if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile))
+   {
+      Status = StatError;
+      ErrorText = MetaIndexParser->ErrorText;
+      return;
+   }
+#endif
    for (vector <struct IndexTarget*>::const_iterator Target = IndexTargets->begin();
         Target != IndexTargets->end();
         Target++)
@@ -1493,6 +1532,12 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
                         LookupTag(Message,"Message").c_str());
         RunScripts("APT::Update::Auth-Failure");
         return;
+      } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
+        /* Invalid signature file, reject (LP: #346386) (Closes: #195301) */
+        _error->Error(_("GPG error: %s: %s"),
+                        Desc.Description.c_str(),
+                        LookupTag(Message,"Message").c_str());
+        return;
       } else {
         _error->Warning(_("GPG error: %s: %s"),
                         Desc.Description.c_str(),

diff --git a/debian/changelog b/debian/changelog
index 5f5e23eb163fa15df9d8369569a2d379b6da065d..b1d276d5dc8e772b799277d87b59d98625b234ab 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ apt (0.8.15) UNRELEASED; urgency=low
   * apt-pkg/depcache.cc:
     - Really release action groups only once (Closes: #622744)
     - Make purge work again for config-files (LP: #244598) (Closes: #150831)
+  * apt-pkg/acquire-item.cc:
+    - Reject files known to be invalid (LP: #346386) (Closes: #195301)
   * debian/apt.cron.daily:
     - Check power after wait, patch by manuel-soto (LP: #705269)
   * debian/control: