[tbb-commits] [rbm/master] Bug 30480: Check that a signed tag object contains the expected tag name
gk at torproject.org
gk at torproject.org
Mon May 27 13:01:01 UTC 2019
commit e04f03f9626e993bb66d7784d258f95ca07bc769
Author: Nicolas Vigier <boklm at torproject.org>
Date: Thu May 16 12:38:08 2019 +0200
Bug 30480: Check that a signed tag object contains the expected tag name
When checking the signature on a tag, we also need to check that the tag
is really the expected tag in order to avoid rollback attacks.
Thanks to Santiago Torres-Arias and Keving Gallagher from NYU for
reporting and helping to fix this issue.
---
lib/RBM.pm | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lib/RBM.pm b/lib/RBM.pm
index 4416a0c..75912af 100644
--- a/lib/RBM.pm
+++ b/lib/RBM.pm
@@ -308,6 +308,16 @@ sub git_commit_sign_id {
return gpg_get_fingerprint(@l);
}
+sub git_get_signed_tagname {
+ foreach my $l (split(/\n/, $_[0])) {
+ # the tag message is separated from headers by an empty line, so we
+ # ignore anything after the first empty line
+ return '' unless $l;
+ return $1 if $l =~ m/^tag (.*)$/;
+ }
+ return '';
+}
+
sub git_tag_sign_id {
my ($project, $tag) = @_;
my $w = set_git_gpg_wrapper($project);
@@ -315,6 +325,7 @@ sub git_tag_sign_id {
= capture_exec('git', 'tag', '-v', $tag);
unset_git_gpg_wrapper($w);
return undef unless $success;
+ return undef unless git_get_signed_tagname($stdout) eq $tag;
return gpg_get_fingerprint(split /\n/, $stderr);
}
More information about the tbb-commits
mailing list