From aea291e3db1ac0414dcf005a0a607e78bdd77a5e Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@debian.org>
Date: Thu, 19 Mar 2015 22:51:46 +0100
Subject: Dpkg::Control::HashCore: Fix OpenPGP Armor Header Line parsing

Cherry picked from commit b4ccfe4982161b8beb44f1d0c98f791c4f238edd.

We should only accept [\r\t ] as trailing whitespace, although RFC4880
does not clarify what whitespace really maps to, we should really match
the GnuPG implementation anyway, as that is what we use to verify the
signatures.

Fixes: CVE-2015-0840
Reported-by: Jann Horn <jann@thejh.net>
---
 scripts/Dpkg/Control/HashCore.pm | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'scripts/Dpkg/Control/HashCore.pm')

diff --git a/scripts/Dpkg/Control/HashCore.pm b/scripts/Dpkg/Control/HashCore.pm
index 2646ade08..4162ad95f 100644
--- a/scripts/Dpkg/Control/HashCore.pm
+++ b/scripts/Dpkg/Control/HashCore.pm
@@ -197,8 +197,8 @@ sub parse {
     local $_;
 
     while (<$fh>) {
-	s/\s*\n$//;
-	next if length == 0 and $paraborder;
+	chomp;
+	next if m/^\s*$/ and $paraborder;
 	next if (m/^#/);
 	$paraborder = 0;
 	if (m/^(\S+?)\s*:\s*(.*)$/) {
@@ -212,6 +212,7 @@ sub parse {
 		    $self->parse_error($desc, g_('duplicate field %s found'), $name);
 		}
 	    }
+	    $value =~ s/\s*$//;
 	    $self->{$name} = $value;
 	    $cf = $name;
 	} elsif (m/^\s(\s*\S.*)$/) {
@@ -222,8 +223,9 @@ sub parse {
 	    if ($line =~ /^\.+$/) {
 		$line = substr $line, 1;
 	    }
+	    $line =~ s/\s*$//;
 	    $self->{$cf} .= "\n$line";
-	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----$/) {
+	} elsif (m/^-----BEGIN PGP SIGNED MESSAGE-----[\r\t ]*$/) {
 	    $expect_pgp_sig = 1;
 	    if ($$self->{allow_pgp} and not $parabody) {
 		# Skip OpenPGP headers
@@ -233,7 +235,8 @@ sub parse {
 	    } else {
 		$self->parse_error($desc, g_('OpenPGP signature not allowed here'));
 	    }
-	} elsif (length == 0 || ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----$/)) {
+	} elsif (m/^\s*$/ ||
+	         ($expect_pgp_sig && m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/)) {
 	    if ($expect_pgp_sig) {
 		# Skip empty lines
 		$_ = <$fh> while defined && m/^\s*$/;
@@ -241,15 +244,15 @@ sub parse {
 		    $self->parse_error($desc, g_('expected OpenPGP signature, ' .
 		                                 'found end of file after blank line'));
 		}
-		s/\s*\n$//;
-		unless (m/^-----BEGIN PGP SIGNATURE-----$/) {
+		chomp;
+		unless (m/^-----BEGIN PGP SIGNATURE-----[\r\t ]*$/) {
 		    $self->parse_error($desc, g_('expected OpenPGP signature, ' .
-		                                 "found something else '%s'"), $_);
+		                                 "found something else \`%s'"), $_);
                 }
 		# Skip OpenPGP signature
 		while (<$fh>) {
-		    s/\s*\n$//;
-		    last if m/^-----END PGP SIGNATURE-----$/;
+		    chomp;
+		    last if m/^-----END PGP SIGNATURE-----[\r\t ]*$/;
 		}
 		unless (defined) {
 		    $self->parse_error($desc, g_('unfinished OpenPGP signature'));
-- 
cgit v1.2.3