From b08f7a8306f872b077af4040ebeab8853faaf0cd Mon Sep 17 00:00:00 2001
From: Guillem Jover
Date: Sun, 16 Dec 2012 00:33:25 +0100
Subject: Dpkg::Control::Hash: Check for presence of OpenPGP signatures
Make sure the OpenGPG armor contains a signature block, even on EOF. This should get detected and rejected by gpgv anyway, but it's better to check the structure of the message before doing any further parsing on it.
---
 scripts/Dpkg/Control/Hash.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'scripts/Dpkg/Control/Hash.pm')
diff --git a/scripts/Dpkg/Control/Hash.pm b/scripts/Dpkg/Control/Hash.pm
index 623ca73fe..5a1c1ca1d 100644
--- a/scripts/Dpkg/Control/Hash.pm
+++ b/scripts/Dpkg/Control/Hash.pm
@@ -171,6 +171,8 @@ sub parse {
 my $paraborder = 1;
 my $cf; # Current field
 my $expect_pgp_sig = 0;
+ my $pgp_signed = 0;
+
 while (<$fh>) {
 s/\s*\n$//;
 next if (m/^$/ and $paraborder);
@@ -223,6 +225,9 @@ sub parse {
 unless (defined($_)) {
 syntaxerr($desc, _g("unfinished PGP signature"));
 }
+ # This does not mean the signature is correct, that needs to
+ # be verified by gnupg.
+ $pgp_signed = 1;
 }
 last; # Finished parsing one block
 } else {
@@ -230,6 +235,11 @@ sub parse {
 _g("line with unknown format (not field-colon-value)"));
 }
 }
+
+ if ($expect_pgp_sig and not $pgp_signed) {
+ syntaxerr($desc, _g("unfinished PGP signature"));
+ }
+
 return defined($cf);
 }
 
-- cgit v1.2.3
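Review bot: The post-loop check in the third hunk reuses the message "unfinished PGP signature" for a different failure than the one the second hunk reports: there the input ended inside an armor block that had started with BEGIN PGP SIGNATURE, whereas here the while loop ran out of input after a BEGIN PGP SIGNED MESSAGE header without any signature block ever starting, so the diagnostic tells the user a signature was truncated when in fact none was present. A distinct string, e.g. `syntaxerr($desc, _g("expected PGP signature, found EOF"));`, would let a caller separate a truncated signature from a missing one when triaging a rejected control file. The flag itself is sound as a structural fail-closed check: `$pgp_signed` is only set after the END PGP SIGNATURE line is consumed, so a clearsigned header with no armored signature now errors instead of returning as a successfully parsed block, and the second hunk's comment correctly notes that this says nothing about signature validity. The body of `parse` begins before the first hunk and the hunks omit the field-parsing branches between them.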