From dcbae505308758df2870c0424e3f5a1dfebcb5ec Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 18 Oct 2021 15:48:05 +0200 Subject: Only allow full Signed-By keys where filenames are allowed Rename the argument to Introducer and generalize it to anything that introduces new keys into the trusted vector, like file names and full keys. --- apt-pkg/deb/debmetaindex.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 298ff5007..88a55a477 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -54,10 +54,12 @@ static std::string transformFingergrpintsWithFilenames(std::string const &finger return transformFingergrpints(finger); } /*}}}*/ -static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFilenames) /*{{{*/ +// Introducer is set if additional keys may be introduced, for example /*{{{*/ +// by setting it to a filename or a complete key +static std::string NormalizeSignedBy(std::string SignedBy, bool const Introducer) { // This is an embedded public pgp key, normalize spaces inside it and empty "." lines - if (SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos) { + if (Introducer && SignedBy.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") != std::string::npos) { std::istringstream is(SignedBy); std::ostringstream os; std::string line; @@ -84,7 +86,7 @@ static std::string NormalizeSignedBy(std::string SignedBy, bool const SupportFil fingers.erase(std::remove_if(fingers.begin(), fingers.end(), isAnEmptyString), fingers.end()); if (unlikely(fingers.empty())) return ""; - if (SupportFilenames) + if (Introducer) std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpintsWithFilenames); else std::transform(fingers.begin(), fingers.end(), fingers.begin(), transformFingergrpints); -- cgit v1.2.3-70-g09d2