From 33e4d8b32a0baef91342527cce16cd47bcb1ee60 Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Thu, 14 Jun 2012 16:18:20 +0200
Subject: [PATCH] add extra paranoia against subkey attacks (and a regression test), LP: #1013128, thanks to jdstrand and mdeslaur and Geori Guinski

---
 cmdline/apt-key                            | 14 +++++++-----
 .../exploid-keyring-with-dupe-subkeys.pub  | Bin 0 -> 2016 bytes
 test/integration/test-apt-key-net-update   | 21 ++++++++++++++++++
 3 files changed, 29 insertions(+), 6 deletions(-)
 create mode 100644 test/integration/exploid-keyring-with-dupe-subkeys.pub

diff --git a/cmdline/apt-key b/cmdline/apt-key
index dda3c1b43..6e85b7353 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -50,18 +50,20 @@ add_keys_with_verify_against_master_keyring() {
     # all keys that are exported must have a valid signature
     # from a key in the $distro-master-keyring
     add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
+    all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5`
     master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
-
-    for add_key in $add_keys; do
-        # ensure there are no colisions LP: #857472
+    # ensure there are no colisions LP: #857472
+    for all_add_key in $all_add_keys; do
         for master_key in $master_keys; do
-            if [ "$add_key" = "$master_key" ]; then
-                echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
+            if [ "$all_add_key" = "$master_key" ]; then
+                echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted"
                 return 1
             fi
         done
-
+    done
+
+    for add_key in $add_keys; do
         # export the add keyring one-by-one
         rm -f $TMP_KEYRING
         $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key
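Review bot: The new `all_add_keys` line passes `^[ps]ub` to grep unquoted, so the shell treats `[ps]` as a glob and will substitute a file named `^pub` or `^sub` from the working directory if one exists; quote it as `grep '^[ps]ub'` (the existing `^pub` patterns only get away with it because they contain no glob characters). The collision check still compares the 16-hex key ID from field 5 rather than the fingerprint, and it only considers `pub` records on the master side, so a crafted subkey colliding with a master signing subkey's ID would not be caught here — whether the later signature check (outside this hunk) would accept such a signature is not visible, but comparing `fpr` records on both sides would settle it regardless. The loop also does not reject a key ID that appears twice within `$ADD_KEYRING` itself, even though `--export $add_key` by ID exports every match. `add_keys_with_verify_against_master_keyring` continues past the end of the hunk.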
diff --git a/test/integration/exploid-keyring-with-dupe-subkeys.pub b/test/integration/exploid-keyring-with-dupe-subkeys.pub new file mode 100644 index 0000000000000000000000000000000000000000..02d4e6ee8f6d5bf2af4f7bc37bcbe6b522bbe8de GIT binary patch literal 2016 zcmY+Ei9ZvJ1IBlnvk99J5th;6zH@|BdmR(aM1))`YB?j!5pxz1wY|vPK+oKu~?5+7Dgf{Cx=ik7*=zLH_vz$f2{Mw@g3 z=@S%ZTn5+<1OV?z21NJ~^mLRp0?^9l0agJP>Fp3{APBG<3i_E7qyQEY6A^}iK|%;& zkcg-l1PKBIK}tZ7Y$8BZL=xYxb|{i&4L7WY04icMFo9~+hjoFxNfS;U&%#-&S!+pQ z<;PQoMelf-&V{?GnJ1Jqv1AHV{!YPk;wM9X_V@U0U9t1pRP-vf zuZHw3V|5+sx+#Em##nwn1iMuUgYSrGaF4&5sw%EjXRzmxs!D_l&u6kPy3YRLoGKdj zg$&#Wk^B)|=x6lC#h>xSzNI8s?m2MMLspmsJYaOt2K;iH?$eaGyUnZEy!5@8vFi0m z8ETS*l=s2RUJu-Zp>X*8K2hNUA4F8Fm3YV}kvAbs&g@^)`&fCRVra*;(z*|BL?j`D zskE_hU+MXLZyM>+v(ZZZR~1ZiTCfDE$~#KY&SUlk&gSFVOs-%%A&O&?I%g;_7h11t z9WS;2@Sw`StK`uY%HGK0gAG+<4Mqmp{%8A5gCmHwGD!!I>Q^MjtrwD!TQxorY(bT3)^aa z8xq|iC$>4Ao1C&s;l??}Otd;8C8T7~k9!XX92iy6BT$!-3j?pJ|F5q$_V0aZB?zYo z+h#_?QAY-2-3CV`({_!E4o~=5TxIhEXF=eG{i!?Xdg4$k=5t%|#iG#d?_SE;lh-2L zIz-Nx75KbS3J>tqa@Hw`imzo@#%-y}FPU(iHmwmYOFR4ZrR1M-uTxqIJaWJK0dz`h z-%IlcU?Q*%<%z;eHXc$n97X)2lL=1N>TNQLtwB#tt6Xl@C2|nGG)I~i6_rMRV^kcS z5}fPXYjZ^wk%46!7%|}1Ivk@vEH^xWLUZ!nf;q3?EEt-(r|nENam+IQW^w`M?KR`` z4Tuo#<71oCVs?f$<$epORY*N}P0{Iw6=zO@5y6&LNYDJ{dY}I0gq2G%nslkBD7n%6 zZOmN~+Q2ppeudcnKXeDVi{p+bm=^4A%VZ?ZxuH47FzMr$uz9wugS2iB`MHfA_b6+cM<7x{)y{%9K?192l33mP#v+~m36|M69lpT5T<>l9Jh*}ubKPDW| z&fn^EruiEgAEvs!AUMzmc29usKqzAxM;c8o7Tvk6^zOoSU6p^)O)r7$`0;j;U!aQr z&ZFHR1aO1uD9Y->&Ufrgt7I!#ob_eh)C?KRVl@sWuJN=Us6RS&c%%jX-G3KqnrYNk z>JFTG9a$K=QTHU4QWg|j%j@ciDwE4|E{$Uzzezg%MRT05hvH5=GPRTF)IY%rRep^( z8Lmx%L7!!e^i%-+^-9C;P1D`V6T|+dsa2%m#5;h>V5iZtNB{u%<4yKHmvUR6Z!rHHYqn9JmlHbQp{mu(Y?TM1PG*UiiG2-U+-MRgKIxHa zkN{8I{whr2ThHW{t-MR_WvOV>O4ma3p3F?OZ~1-xI8|(yp9W3c5X98!b!Ajo8Q`k= zFvpus<`CB!`3rJIv8Mr_1)}5%WODYsHKbKgj;)x(W=lm*1i?JNzNSI`D}B(HqP>6J zyWZkTmbzTlbxPVvNZS4BNiL4&zqNStgP3EAMUGTewe<|tT4aq?E zeC5GH7d7jWv0A-Zn%+NO#%5Xp88;7Iw@n>pEGLw7< 
zP3km1d3_qpihz~OT#Oqx4T_PEylWv3X~$&6|1}^JR4ju{1#3L_c?{xz{FnwLJG0PX z0zEb5jfkqgQmvwCY~18sdIa6^cS5anx`e`{ z8}BWJYYU*K%-*WMo|B0maC(mfbaU|J+zeM>T%1>f18E? literal 0 HcmV?d00001
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update
index 452766b4d..d5205836f 100755
--- a/test/integration/test-apt-key-net-update
+++ b/test/integration/test-apt-key-net-update
@@ -49,6 +49,26 @@ else
     msgpass
 fi
 
+
+# test another possible attack vector using subkeys (LP: #1013128)
+msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+    msgfail
+else
+    msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+    msgfail
+else
+    msgpass
+fi
+
+
 # test good keyring and ensure we get no errors
 ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
 if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
@@ -72,3 +92,4 @@ uid Ubuntu Archive Automatic Signing Key (2012)
 ' $GPG --list-keys
+
-- 
2.50.0
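Review bot: The "Test if keyring is empty" check tests the literal empty string (`if [ -n "" ]; then`) instead of the captured output, so it passes unconditionally and would not notice if the subkey-attack keyring had actually been imported; it should read `if [ -n "$gpg_out" ]; then`. The preceding `gpg_out=$($GPG --list-keys)` assignment is otherwise unused, which is the tell that the variable was meant to be tested. The script continues past the end of the hunk.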