diff options
| author | Nicolas Vigier <boklm@torproject.org> | 2019-05-16 12:38:08 +0200 |
|---|---|---|
| committer | Nicolas Vigier <boklm@torproject.org> | 2019-05-20 10:29:09 +0200 |
| commit | 4981411ac1981ccc9080da75563a81b5c37c6ece (patch) | |
| tree | 3bd8ab88ef2ace9f17c2b5fc0c48379380b5ec13 | |
| parent | 87adfb7b7be7e7e0f437020dbf8a119673133412 (diff) | |
Bug 30480: Check that a signed tag object contains the expected tag namebug_30480_v2
When checking the signature on a tag, we also need to check that the tag
is really the expected tag in order to avoid rollback attacks.
Thanks to Santiago Torres-Arias and Keving Gallagher from NYU for
reporting and helping fix this issue.
| -rw-r--r-- | lib/RBM.pm | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -308,6 +308,14 @@ sub git_commit_sign_id { return gpg_get_fingerprint(@l); } +sub git_get_signed_tagname { + foreach my $l (split(/\n/, $_[0])) { + return '' unless $l; + return $1 if $l =~ m/^tag (.*)$/; + } + return ''; +} + sub git_tag_sign_id { my ($project, $tag) = @_; my $w = set_git_gpg_wrapper($project); @@ -315,6 +323,7 @@ sub git_tag_sign_id { = capture_exec('git', 'tag', '-v', $tag); unset_git_gpg_wrapper($w); return undef unless $success; + return undef unless git_get_signed_tagname($stdout) eq $tag; return gpg_get_fingerprint(split /\n/, $stderr); } |