From 002dbae0269e945faf57697461f6cfa529bb6e23 Mon Sep 17 00:00:00 2001 From: delphij Date: Wed, 19 Aug 2015 18:33:25 +0000 Subject: [PATCH] Instant-MFC r286933: Issue warning and refuse to proceed further if the configured repository signature_type is unsupported by bootstrap pkg(7). Previously, when signature_type specified an unsupported method, the bootstrap pkg(7) would proceed like when signature_type is "none". MITM attackers may be able to use this vulnerability and bypass validation and install their own versions of pkg(8). At this time, only fingerprint and none are supported by the bootstrap pkg(7). FreeBSD's official pkg(8) repository uses the fingerprint method and is therefore unaffected. Errata candidate. git-svn-id: svn://svn.freebsd.org/base/stable/9@286936 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- usr.sbin/pkg/pkg.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/usr.sbin/pkg/pkg.c b/usr.sbin/pkg/pkg.c index 6e5163b4a..659f58800 100644 --- a/usr.sbin/pkg/pkg.c +++ b/usr.sbin/pkg/pkg.c @@ -750,7 +750,13 @@ bootstrap_pkg(bool force) goto fetchfail; if (signature_type != NULL && - strcasecmp(signature_type, "FINGERPRINTS") == 0) { + strcasecmp(signature_type, "NONE") != 0) { + if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); + goto cleanup; + } + snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX", getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig", @@ -835,7 +841,13 @@ bootstrap_pkg_local(const char *pkgpath, bool force) return (-1); } if (signature_type != NULL && - strcasecmp(signature_type, "FINGERPRINTS") == 0) { + strcasecmp(signature_type, "NONE") != 0) { + if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); + goto cleanup; + } + snprintf(path, sizeof(path), "%s.sig", pkgpath); if ((fd_sig = open(path, O_RDONLY)) == -1) { -- 2.45.0