author | Guillem Jover <guillem@debian.org> | 2012-12-16 00:33:25 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2013-03-18 06:37:35 +0100 |
commit | b08f7a8306f872b077af4040ebeab8853faaf0cd (patch) | |
tree | febcf47d4f565ad426f10e326bff63920a67a1a8 /scripts/Dpkg/Control | |
parent | 9945c52208fa7520bb307868d6c152ced8238969 (diff) | |
Dpkg::Control::Hash: Check for presence of OpenPGP signatures
Make sure the OpenPGP armor contains a signature block, even on EOF.
This should get detected and rejected by gpgv anyway, but it's better
to check the structure of the message before doing any further parsing
on it.
Diffstat (limited to 'scripts/Dpkg/Control')
-rw-r--r-- | scripts/Dpkg/Control/Hash.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index 623ca73fe..5a1c1ca1d 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -171,6 +171,8 @@ sub parse {
 my $paraborder = 1;
 my $cf; # Current field
 my $expect_pgp_sig = 0;
+ my $pgp_signed = 0;
+
 while (<$fh>) {
 s/\s*\n$//;
 next if (m/^$/ and $paraborder);
@@ -223,6 +225,9 @@ sub parse {
 unless (defined($_)) {
 syntaxerr($desc, _g("unfinished PGP signature"));
 }
+ # This does not mean the signature is correct, that needs to
+ # be verified by gnupg.
+ $pgp_signed = 1;
 }
 last; # Finished parsing one block
 } else {
@@ -230,6 +235,11 @@ sub parse {
 _g("line with unknown format (not field-colon-value)"));
 }
 }
+
+ if ($expect_pgp_sig and not $pgp_signed) {
+ syntaxerr($desc, _g("unfinished PGP signature"));
+ }
+
 return defined($cf);
 }
|
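Review bot: The name `$pgp_signed` in the second hunk overstates what the flag records. It is set once the preceding `defined($_)` check passes, which presumably means a signature block was read through to its end, and as the added comment itself says, nothing has been verified at that point. A name such as `$pgp_sig_seen` would keep a later maintainer from treating the flag as a trust decision, and the comment could state the scope directly: `# Structural check only: a signature block is present; it must still be verified by gnupg.` The code that advances `$_` before this check lies outside the hunk.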
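Review bot: The post-loop check added in the third hunk reports `unfinished PGP signature`, the same message the second hunk's context uses when input ends partway through a signature block, although here the armor header was seen and no signature block was completed at all. A distinct message, for example `syntaxerr($desc, _g("expected PGP signature, found EOF"));`, would let a user tell a missing signature from a truncated one. The check also fires only when `$expect_pgp_sig` is set, so on its own it says nothing about fields read outside the signed armor; whether those are rejected elsewhere in `parse` cannot be seen from these hunks and is worth confirming.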