Close the archive on fatal errors during signature validation. This can

happen e.g. if pkg_add finds a directory with that name.
Remove a bunch of HAVE_SSL conditionals that no longer apply as GPG
support is back in.

7 files changed, 46 insertions, 42 deletions

diff --git a/pkgtools/pkg_install/files/add/Makefile.in b/pkgtools/pkg_install/files/add/Makefile.in
index 1b45ed175b8..1eb6bab76de 100644
--- a/pkgtools/pkg_install/files/add/Makefile.in
+++ b/pkgtools/pkg_install/files/add/Makefile.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.19 2009/02/02 12:35:00 joerg Exp $
+# $NetBSD: Makefile.in,v 1.20 2009/02/13 11:21:07 joerg Exp $
 
 srcdir=		@srcdir@
 
@@ -23,7 +23,6 @@ SSL_SUPPORT=	@ssl_support@
 LIBS=		-linstall -lfetch -larchive -lbz2 -lz
 .if !empty(SSL_SUPPORT)
 LIBS+=		-lcrypto
-CPPFLAGS+=	-DHAVE_SSL
 .endif
 LIBS+=		@LIBS@
 
diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c
index a7bc936a149..f4922613e15 100644
--- a/pkgtools/pkg_install/files/add/perform.c
+++ b/pkgtools/pkg_install/files/add/perform.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: perform.c,v 1.76 2009/02/11 23:42:42 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.77 2009/02/13 11:21:07 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -6,7 +6,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.76 2009/02/11 23:42:42 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.77 2009/02/13 11:21:07 joerg Exp $");
 
 /*-
  * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
@@ -1235,13 +1235,11 @@ pkg_do(const char *pkgpath, int mark_automatic)
 		goto clean_find_archive;
 	}
 
-#ifdef HAVE_SSL
 	invalid_sig = pkg_verify_signature(&pkg->archive, &pkg->entry,
 	    &pkg->pkgname, &signature_cookie);
-#else
-	invalid_sig = 1;
-	signature_cookie = NULL;
-#endif
+
+	if (pkg->archive == NULL)
+		goto clean_memory;
 
 	if (read_meta_data(pkg))
 		goto clean_memory;
@@ -1400,9 +1398,7 @@ clean_memory:
 	}
 	free(pkg->other_version);
 	free(pkg->pkgname);
-#ifdef HAVE_SSL
 	pkg_free_signature(signature_cookie);
-#endif
 clean_find_archive:
 	free(pkg);
 	return status;
diff --git a/pkgtools/pkg_install/files/admin/Makefile.in b/pkgtools/pkg_install/files/admin/Makefile.in
index 8906c19d87c..2c6c7bbf88c 100644
--- a/pkgtools/pkg_install/files/admin/Makefile.in
+++ b/pkgtools/pkg_install/files/admin/Makefile.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.16 2009/02/02 12:35:00 joerg Exp $
+# $NetBSD: Makefile.in,v 1.17 2009/02/13 11:21:07 joerg Exp $
 
 srcdir=		@srcdir@
 
@@ -29,7 +29,7 @@ SCRIPTS=	audit-packages download-vulnerability-list
 LIBS=		-linstall -lbz2 -lfetch -larchive -lbz2 -lz
 .if !empty(SSL_SUPPORT)
 LIBS+=		-lcrypto
-CPPFLAGS+=	-DHAVE_SSL
+CFLAGS+=	-DHAVE_SSL
 .endif
 LIBS+=		@LIBS@
 OBJS=		audit.o check.o main.o
diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c
index 41e9838a09a..1ce5fae9a69 100644
--- a/pkgtools/pkg_install/files/admin/main.c
+++ b/pkgtools/pkg_install/files/admin/main.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.46 2009/02/02 12:35:00 joerg Exp $	*/
+/*	$NetBSD: main.c,v 1.47 2009/02/13 11:21:07 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.46 2009/02/02 12:35:00 joerg Exp $");
+__RCSID("$NetBSD: main.c,v 1.47 2009/02/13 11:21:07 joerg Exp $");
 
 /*-
  * Copyright (c) 1999-2008 The NetBSD Foundation, Inc.
@@ -533,7 +533,6 @@ main(int argc, char *argv[])
 	} else if (strcasecmp(argv[0], "audit-history") == 0) {
 		audit_history(--argc, ++argv);
 	} else if (strcasecmp(argv[0], "check-signature") == 0) {
-#ifdef HAVE_SSL
 		struct archive *pkg;
 		void *cookie;
 		int rc;
@@ -545,14 +544,12 @@ main(int argc, char *argv[])
 				warnx("%s could not be opened", *argv);
 				continue;
 			}
-			if (pkg_full_signature_check(pkg))
+			if (pkg_full_signature_check(&pkg))
 				rc = 1;
-			close_archive(pkg);
+			if (!pkg)
+				close_archive(pkg);
 		}
 		return rc;
-#else
-		errx(EXIT_FAILURE, "OpenSSL support is not included");
-#endif
 	} else if (strcasecmp(argv[0], "x509-sign-package") == 0) {
 #ifdef HAVE_SSL
 		--argc;
diff --git a/pkgtools/pkg_install/files/info/perform.c b/pkgtools/pkg_install/files/info/perform.c
index a569cae0253..e3f4f6494a2 100644
--- a/pkgtools/pkg_install/files/info/perform.c
+++ b/pkgtools/pkg_install/files/info/perform.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: perform.c,v 1.50 2009/02/11 23:51:30 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.51 2009/02/13 11:21:07 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -13,7 +13,7 @@
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.50 2009/02/11 23:51:30 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.51 2009/02/13 11:21:07 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -298,9 +298,7 @@ pkg_do(const char *pkg)
 #else
 		struct archive *archive;
 		void *archive_cookie;
-#  ifdef HAVE_SSL
 		void *signature_cookie;
-#  endif
 		struct archive_entry *entry;
 		char *pkgname;
 
@@ -311,17 +309,15 @@ pkg_do(const char *pkg)
 		}
 		pkgname = NULL;
 		entry = NULL;
-#  ifdef HAVE_SSL
 		pkg_verify_signature(&archive, &entry, &pkgname,
 		    &signature_cookie);
-#  endif
+		if (archive == NULL)
+			return -1;
 		free(pkgname);
 
 		meta = read_meta_data_from_archive(archive, entry);
 		close_archive(archive_cookie);
-#  ifdef HAVE_SSL
 		pkg_free_signature(signature_cookie);
-#  endif
 		if (!IS_URL(pkg))
 			binpkgfile = pkg;
 #endif
diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h
index dd8f8096ef4..d46cc513c9b 100644
--- a/pkgtools/pkg_install/files/lib/lib.h
+++ b/pkgtools/pkg_install/files/lib/lib.h
@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.47 2009/02/13 01:31:42 joerg Exp $ */
+/* $NetBSD: lib.h,v 1.48 2009/02/13 11:21:07 joerg Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -376,12 +376,12 @@ void pkg_install_config(void);
 /* Print configuration variable */
 void pkg_install_show_variable(const char *);
 
-#ifdef HAVE_SSL
 /* Package signature creation and validation */
 int pkg_verify_signature(struct archive **, struct archive_entry **, char **,
     void **);
-int pkg_full_signature_check(struct archive *);
+int pkg_full_signature_check(struct archive **);
 void pkg_free_signature(void *);
+#ifdef HAVE_SSL
 void pkg_sign_x509(const char *, const char *, const char *, const char *);
 #endif
 
diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c
index b76bd8c58e5..87002a634e9 100644
--- a/pkgtools/pkg_install/files/lib/pkg_signature.c
+++ b/pkgtools/pkg_install/files/lib/pkg_signature.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: pkg_signature.c,v 1.3 2009/02/09 16:54:08 joerg Exp $	*/
+/*	$NetBSD: pkg_signature.c,v 1.4 2009/02/13 11:21:07 joerg Exp $	*/
 
 #if HAVE_CONFIG_H
 #include "config.h"
@@ -7,7 +7,7 @@
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.3 2009/02/09 16:54:08 joerg Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.4 2009/02/13 11:21:07 joerg Exp $");
 
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
@@ -178,10 +178,12 @@ read_file_from_archive(struct archive *archive, struct archive_entry **entry,
 retry:
 	if (*entry == NULL &&
 	    (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) {
-		if (r == ARCHIVE_FATAL)
+		if (r == ARCHIVE_FATAL) {
 			warnx("Cannot read from archive: %s",
 			    archive_error_string(archive));
-		return -1;
+			return -1;
+		}
+		return 1;
 	}
 	if (strcmp(archive_entry_pathname(*entry), "//") == 0) {
 		archive_read_data_skip(archive);
@@ -329,6 +331,8 @@ pkg_verify_signature(struct archive **archive, struct archive_entry **entry,
 	r = read_file_from_archive(*archive, entry, HASH_FNAME,
 	    &hash_file, &hash_len);
 	if (r == -1) {
+		archive_read_finish(*archive);
+		*archive = NULL;
 		free(state);
 		goto no_valid_signature;
 	} else if (r == 1) {
@@ -341,12 +345,24 @@ pkg_verify_signature(struct archive **archive, struct archive_entry **entry,
 
 	r = read_file_from_archive(*archive, entry, SIGNATURE_FNAME,
 	    &signature_file, &signature_len);
-	if (r != 0) {
+	if (r == -1) {
+		archive_read_finish(*archive);
+		*archive = NULL;
+		free(state);
+		free(hash_file);
+		goto no_valid_signature;
+	} else if (r != 0) {
 		if (*entry != NULL)
 			r = read_file_from_archive(*archive, entry,
 			    GPG_SIGNATURE_FNAME,
 			    &signature_file, &signature_len);
-		if (r != 0) {
+		if (r == -1) {
+			archive_read_finish(*archive);
+			*archive = NULL;
+			free(state);
+			free(hash_file);
+			goto no_valid_signature;
+		} else if (r != 0) {
 			free(hash_file);
 			free(state);
 			goto no_valid_signature;
@@ -404,21 +420,21 @@ no_valid_signature:
 }
 
 int
-pkg_full_signature_check(struct archive *archive)
+pkg_full_signature_check(struct archive **archive)
 {
 	struct archive_entry *entry = NULL;
 	char *pkgname;
 	void *cookie;
 	int r;
 
-	if (pkg_verify_signature(&archive, &entry, &pkgname, &cookie))
+	if (pkg_verify_signature(archive, &entry, &pkgname, &cookie))
 		return -1;
 	if (pkgname == NULL)
 		return 0;
 
 	/* XXX read PLIST and compare pkgname */
-	while ((r = archive_read_next_header(archive, &entry)) == ARCHIVE_OK)
-		archive_read_data_skip(archive);
+	while ((r = archive_read_next_header(*archive, &entry)) == ARCHIVE_OK)
+		archive_read_data_skip(*archive);
 
 	pkg_free_signature(cookie);
 	free(pkgname);