emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #246 from ebfe/signed_pkgver

Browse Source 
lib/package_unpack.c: verify signed pkgver matches
This commit is contained in:
Juan RP 2017-10-25 09:17:55 +02:00 committed by GitHub
commit eaccf4813d
1 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/package_unpack.c
View File

@ -73,7 +73,7 @@ unpack_archive(struct xbps_handle *xhp,
const char *fname, const char *fname,
struct archive *ar) struct archive *ar)
{ {
xbps_dictionary_t binpkg_filesd, pkg_filesd; xbps_dictionary_t binpkg_propsd, binpkg_filesd, pkg_filesd;
xbps_array_t array, obsoletes; xbps_array_t array, obsoletes;
xbps_object_t obj; xbps_object_t obj;
xbps_data_t data; xbps_data_t data;
@ -84,14 +84,14 @@ unpack_archive(struct xbps_handle *xhp,
struct archive_entry *entry; struct archive_entry *entry;
size_t instbufsiz = 0, rembufsiz = 0; size_t instbufsiz = 0, rembufsiz = 0;
ssize_t entry_size; ssize_t entry_size;
const char *file, *entry_pname, *transact; const char *file, *entry_pname, *transact, *binpkg_pkgver;
char *pkgname, *buf; char *pkgname, *buf;
int ar_rv, rv, error, entry_type, flags; int ar_rv, rv, error, entry_type, flags;
bool preserve, update, file_exists; bool preserve, update, file_exists;
bool skip_extract, force, xucd_stats; bool skip_extract, force, xucd_stats;
uid_t euid; uid_t euid;
binpkg_filesd = pkg_filesd = NULL; binpkg_propsd = binpkg_filesd = pkg_filesd = NULL;
force = preserve = update = file_exists = false; force = preserve = update = file_exists = false;
xucd_stats = false; xucd_stats = false;
ar_rv = rv = error = entry_type = flags = 0; ar_rv = rv = error = entry_type = flags = 0;
@ -156,6 +156,12 @@ unpack_archive(struct xbps_handle *xhp,
rv = EINVAL; rv = EINVAL;
goto out; goto out;
} }
} else if (strcmp("./props.plist", entry_pname) == 0) {
binpkg_propsd = xbps_archive_get_dictionary(ar, entry);
if (binpkg_propsd == NULL) {
rv = EINVAL;
goto out;
}
} else if (strcmp("./files.plist", entry_pname) == 0) { } else if (strcmp("./files.plist", entry_pname) == 0) {
binpkg_filesd = xbps_archive_get_dictionary(ar, entry); binpkg_filesd = xbps_archive_get_dictionary(ar, entry);
if (binpkg_filesd == NULL) { if (binpkg_filesd == NULL) {
@ -181,12 +187,24 @@ unpack_archive(struct xbps_handle *xhp,
/* /*
* Bail out if required metadata files are not in archive. * Bail out if required metadata files are not in archive.
*/ */
if (binpkg_filesd == NULL) { if (binpkg_propsd == NULL || binpkg_filesd == NULL) {
xbps_set_cb_state(xhp, XBPS_STATE_UNPACK_FAIL, ENODEV, pkgver, xbps_set_cb_state(xhp, XBPS_STATE_UNPACK_FAIL, ENODEV, pkgver,
"%s: [unpack] invalid binary package `%s'.", pkgver, fname); "%s: [unpack] invalid binary package `%s'.", pkgver, fname);
rv = ENODEV; rv = ENODEV;
goto out; goto out;
} }
/*
* Check that the pkgver in the binpkg matches the one we're looking for.
*/
xbps_dictionary_get_cstring_nocopy(binpkg_propsd, "pkgver", &binpkg_pkgver);
if (strcmp(pkgver, binpkg_pkgver) != 0) {
xbps_set_cb_state(xhp, XBPS_STATE_UNPACK_FAIL, EINVAL, pkgver,
"%s: [unpack] pkgver mismatch repodata: `%s' binpkg: `%s'.", fname, pkgver, binpkg_pkgver);
rv = EINVAL;
goto out;
}
/* /*
* Internalize current pkg metadata files plist. * Internalize current pkg metadata files plist.
*/ */
@ -520,6 +538,8 @@ out:
unlink(buf); unlink(buf);
free(buf); free(buf);
} }
if (xbps_object_type(binpkg_propsd) == XBPS_TYPE_DICTIONARY)
xbps_object_release(binpkg_propsd);
if (xbps_object_type(binpkg_filesd) == XBPS_TYPE_DICTIONARY) if (xbps_object_type(binpkg_filesd) == XBPS_TYPE_DICTIONARY)
xbps_object_release(binpkg_filesd); xbps_object_release(binpkg_filesd);
if (pkgname != NULL) if (pkgname != NULL)