diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-12-14 02:18:25 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-12-14 02:26:23 +0100 |
commit | bd4a8f51649ee37291c6e07310104a94f4f5fbed (patch) | |
tree | 6ec200a62164dd318cc675a180cfb11c0e7d5c60 /apt-pkg/deb/debmetaindex.cc | |
parent | 8deda84ed86bae6bfa83f5c25d15fd4611c637c0 (diff) |
show a more descriptive error for weak Release files
If we can't work with the hashes we parsed from the Release file we
display now an error message if the Release file includes only weak
hashes instead of downloading the indexes and failing to verify them
with "Hash Sum mismatch" even through the hashes didn't mismatch (they
were just weak).
If for some (unlikely) reason we have got weak hashes only for
individual targets we will show a warning to this effect (again, befor
downloading and failing the index itself).
Closes: 806459
Diffstat (limited to 'apt-pkg/deb/debmetaindex.cc')
-rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 930286a41..c8026aedf 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -348,9 +348,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro } bool FoundHashSum = false; - for (int i=0;HashString::SupportedHashes()[i] != NULL; i++) + bool FoundStrongHashSum = false; + auto const SupportedHashes = HashString::SupportedHashes(); + for (int i=0; SupportedHashes[i] != NULL; i++) { - if (!Section.Find(HashString::SupportedHashes()[i], Start, End)) + if (!Section.Find(SupportedHashes[i], Start, End)) continue; std::string Name; @@ -361,17 +363,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro if (!parseSumData(Start, End, Name, Hash, Size)) return false; + HashString const hs(SupportedHashes[i], Hash); if (Entries.find(Name) == Entries.end()) { metaIndex::checkSum *Sum = new metaIndex::checkSum; Sum->MetaKeyFilename = Name; Sum->Size = Size; Sum->Hashes.FileSize(Size); - APT_IGNORE_DEPRECATED(Sum->Hash = HashString(HashString::SupportedHashes()[i],Hash);) + APT_IGNORE_DEPRECATED(Sum->Hash = hs;) Entries[Name] = Sum; } - Entries[Name]->Hashes.push_back(HashString(HashString::SupportedHashes()[i],Hash)); + Entries[Name]->Hashes.push_back(hs); FoundHashSum = true; + if (FoundStrongHashSum == false && hs.usable() == true) + FoundStrongHashSum = true; } } @@ -381,6 +386,12 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro strprintf(*ErrorText, _("No Hash entry in Release file %s"), Filename.c_str()); return false; } + if(FoundStrongHashSum == false) + { + if (ErrorText != NULL) + strprintf(*ErrorText, _("No Hash entry in Release file %s, which is considered strong enough for security purposes"), Filename.c_str()); + return false; + } std::string const StrDate = Section.FindS("Date"); if (RFC1123StrToTime(StrDate.c_str(), Date) == false) |