svn commit: r286933 - head/usr.sbin/pkg
Xin LI
delphij at FreeBSD.org
Wed Aug 19 18:24:41 UTC 2015
Author: delphij
Date: Wed Aug 19 18:24:39 2015
New Revision: 286933
URL: https://svnweb.freebsd.org/changeset/base/286933
Log:
Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD
Modified:
head/usr.sbin/pkg/pkg.c
Modified: head/usr.sbin/pkg/pkg.c
==============================================================================
--- head/usr.sbin/pkg/pkg.c Wed Aug 19 17:51:03 2015 (r286932)
+++ head/usr.sbin/pkg/pkg.c Wed Aug 19 18:24:39 2015 (r286933)
@@ -767,7 +767,13 @@ bootstrap_pkg(bool force)
goto fetchfail;
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
@@ -855,7 +861,13 @@ bootstrap_pkg_local(const char *pkgpath,
goto cleanup;
}
if (signature_type != NULL &&
- strcasecmp(signature_type, "FINGERPRINTS") == 0) {
+ strcasecmp(signature_type, "NONE") != 0) {
+ if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
+ warnx("Signature type %s is not supported for "
+ "bootstrapping.", signature_type);
+ goto cleanup;
+ }
+
snprintf(path, sizeof(path), "%s.sig", pkgpath);
if ((fd_sig = open(path, O_RDONLY)) == -1) {
More information about the svn-src-head
mailing list