Bug#696234: apt: Signed Debian control block parsing can be fooled
On Tue, Dec 18, 2012 at 2:33 PM, Guillem Jover <guillem@debian.org> wrote:
> The SigVerify::RunGPGV() function is too strict and will error out on
> correct Armor Header Lines (as per RFC4880), those with trailing
> whitespace. The function SourcesWriter::DoPackage() will not correctly
> strip the PGP signature from the dsc if the Armor Header Line contains
> trailing whitespace, it does not correctly handle OpenPGP blank lines
> (those with only whitespaces), or surrounding non-signed "garbage".
Could you point me to the section allowing this?
Paragraph 7. sounds like the header should be only the quoted text and
in general reduces the featureset given in 6.2 while the last sentence of
7.1. suggests that trailing whitespaces are forbidden on any line in the
clear-signed message as they are removed from the unsigned message
at signature generation time.
But yeah, gpg(v) seems to indeed allow all this stuff … *shrugs*
(I wonder now how someone is supposed to sign a message
containing whitespace sourcecode …)
APT code also doesn't support dash-escaped text so far.
Best regards
David Kalnischkies
Reply to: