authorJulian Andres Klode <julian.klode@canonical.com>2019-12-02 11:46:49 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2019-12-02 14:27:38 +0100
commit93f33052de84e9aeaf19c92291d043dad2665bbd (patch)
tree667c4240b6f6fb9c91ae20b655478508b09d6214 /apt-pkg/contrib
parent1690c3f87ae45a41e8d3e09bf0b1021c008460b9 (diff)
netrc: Restrict auth.conf entries to https by default
This avoids downgrade attacks where an attacker could inject Location: http://private.example/ and then (having access to the raw data sent to private.example, for example, by opening a port there, or by sniffing network traffic) read the credentials for the private repository. Closes: #945911
Diffstat (limited to 'apt-pkg/contrib')
-rw-r--r--apt-pkg/contrib/netrc.cc22
1 files changed, 21 insertions, 1 deletions
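diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index ee1996f8d..2069a0394 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -72,6 +72,26 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri)
 active_token = MACHINE;
 break;
 case MACHINE:
+ // If token contains a protocol: Check it first, and strip it away if
+ // it matches. If it does not match, ignore this stanza.
+ // If there is no protocol, only allow https protocols.
+ if (token.find("://") != std::string::npos)
+ {
+ if (not APT::String::Startswith(token, Uri.Access + "://"))
+ {
+ active_token = NO;
+ break;
+ }
+ token.erase(0, Uri.Access.length() + 3);
+ }
+ else if (Uri.Access != "https" && Uri.Access != "tor+https")
+ {
+ if (Debug)
+ std::clog << "MaybeAddAuth: Rejecting matching host adding '" << Uri.User << "' and '" << Uri.Password << "' for "
+ << (std::string)Uri << " from " << NetRCFile.Name() << "as the protocol is not https" << std::endl;
+ active_token = NO;
+ break;
+ }
 if (token.find('/') == std::string::npos)
 {
 if (Uri.Port != 0 && Uri.Host == token)
@@ -168,7 +188,7 @@ bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr
 }
 // FIXME: Use the full base url
- URI uri(std::string("http://") + I.Site() + "/");
+ URI uri(std::string("https://") + I.Site() + "/");
 for (auto &authconf : authconfs)
 {
 if (not authconf->IsOpen())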
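Review bot: The debug message in the new `else if` branch under `case MACHINE:` is missing a separator before the reason, so the file name runs straight into the text; the continuation line should read `<< (std::string)Uri << " from " << NetRCFile.Name() << " as the protocol is not https" << std::endl;`. The same statement writes `Uri.Password` in clear to `std::clog`; it is only reached when `Debug` is set, but debug output tends to end up in bug reports, so if the password can be populated at this point it would be safer to print only whether one is present. The new leading comment says "only allow https protocols" while the condition also accepts `tor+https`; `// If there is no protocol, only allow https (or tor+https) protocols.` would match the code. The enclosing `MaybeAddAuth` switch begins and ends outside the hunk, so whether `break` here leaves the stanza in a consistent state cannot be checked from this view.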