fix apt-key net-update by erroring out if there are any duplicated keys in master...

diff --git a/cmdline/apt-key b/cmdline/apt-key
index 4d2b7c49f802b3c758fbe58f822fce3b604f6fc7..8a3f5ba54075af4664d3534ad3a4f62aedfeff86 100755 (executable)
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -50,6 +50,17 @@ add_keys_with_verify_against_master_keyring() {
     #   from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
     #   from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`

+    # verify to ensure that there are no key id duplications that may be
+    # used to attack the system, see LP: #857472
+    for add_key in $add_keys; do
+       for master_key in $master_keys; do
+            if [ "$add_key" = "$master_key" ]; then
+                echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
+                return 1
+            fi
+        done
+    done
+    # add all keys signed with any of the master key(s)

     for add_key in $add_keys; do
        ADDED=0
        for master_key in $master_keys; do
     for add_key in $add_keys; do
        ADDED=0
        for master_key in $master_keys; do

diff --git a/test/integration/exploid-keyring-with-dupe-keys.pub b/test/integration/exploid-keyring-with-dupe-keys.pub
new file mode 100644 (file)
index 0000000..642952a
Binary files /dev/null and b/test/integration/exploid-keyring-with-dupe-keys.pub differ

diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
new file mode 100755 (executable)
index 0000000..66aafbb
--- /dev/null
+++ b/test/integration/test-apt-key-net-update
@@ -0,0 +1,47 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# mock
+requires_root() {
+    return 0
+}
+
+# extract net_update() and import it
+func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
+eval "$func"
+
+mkdir -p ./etc/apt
+TRUSTEDFILE=./etc/apt/trusted.gpg
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+GPG="$GPG_CMD --keyring $TRUSTEDFILE"
+MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+
+msgtest "add_keys_with_verify_against_master_keyring"
+if [ ! -e $MASTER_KEYRING ]; then
+    echo -n "No $MASTER_KEYRING found"
+    msgskip 
+    exit 0
+fi
+
+# test bad keyring and ensure its not added (LP: #857472)
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+    msgfail
+else
+    msgpass
+fi
+
+# test good keyring and ensure we get no errors
+ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+    msgpass
+else
+    msgfail
+fi
+