texlive[48130] Master/tlpkg/TeXLive: more detailed error checking

commits+preining at tug.org commits+preining at tug.org
Wed Jul 4 00:24:08 CEST 2018


Revision: 48130
          http://tug.org/svn/texlive?view=revision&revision=48130
Author:   preining
Date:     2018-07-04 00:24:07 +0200 (Wed, 04 Jul 2018)
Log Message:
-----------
more detailed error checking during signature verification

Modified Paths:
--------------
    trunk/Master/tlpkg/TeXLive/TLCrypto.pm
    trunk/Master/tlpkg/TeXLive/TLPDB.pm
    trunk/Master/tlpkg/TeXLive/TLUtils.pm

Modified: trunk/Master/tlpkg/TeXLive/TLCrypto.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLCrypto.pm	2018-07-03 22:15:38 UTC (rev 48129)
+++ trunk/Master/tlpkg/TeXLive/TLCrypto.pm	2018-07-03 22:24:07 UTC (rev 48130)
@@ -252,6 +252,17 @@
     debug("verify_checksum: download did not succeed for $checksum_url\n");
     return($VS_CONNECTION_ERROR, "download did not succeed: $checksum_url");
   }
+
+  # check that we have a non-trivial size for the checksum file
+  # the size should be at least 128 + 1 + length(filename) > 129
+  {
+    my $css = -s $checksum_file;
+    if ($css <= 128) {
+      debug("verify_checksum: size of checksum file suspicious: $css\n");
+      return($VS_CONNECTION_ERROR, "download corrupted: $checksum_url");
+    }
+  }
+
   # check the signature
   my ($ret, $msg) = verify_signature($checksum_file, $checksum_url);
 
@@ -418,6 +429,26 @@
     my $signature_file
       = TeXLive::TLUtils::download_to_temp_or_file($signature_url);
     if ($signature_file) {
+      {
+        # we expect a signature to be at least
+        # 30 header line + 30 footer line + 256 > 300
+        my $sigsize = -s $signature_file;
+        if ($sigsize < 300) {
+          debug("cryptographic signature seems to be corrupted (size $sigsize<300): $signature_url, $signature_file\n");
+          return($VS_UNSIGNED, "cryptographic signature download seems to be corrupted (size $sigsize<300)");
+        }
+      }
+      # check also the first line of the signature file for
+      # -----BEGIN PGP SIGNATURE-----
+      {
+        open my $file, '<', $signature_file;
+        chomp(my $firstLine = <$file>);
+        close $file;
+        if ($firstLine !~ m/^-----BEGIN PGP SIGNATURE-----/) {
+          debug("cryptographic signature seems to be corrupted (first line not signature): $signature_url, $signature_file, $firstLine\n");
+          return($VS_UNSIGNED, "cryptographic signature download seems to be corrupted (first line of $signature_url not signature: $firstLine)");
+        }
+      }
       my ($ret, $out) = gpg_verify_signature($file, $signature_file);
       if ($ret == 1) {
         # no need to show the output

Modified: trunk/Master/tlpkg/TeXLive/TLPDB.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLPDB.pm	2018-07-03 22:15:38 UTC (rev 48129)
+++ trunk/Master/tlpkg/TeXLive/TLPDB.pm	2018-07-03 22:24:07 UTC (rev 48130)
@@ -370,7 +370,7 @@
       } elsif ($r == $VS_CONNECTION_ERROR) {
         tldie("$0: cannot download: $m\n");
       } elsif ($r == $VS_UNSIGNED) {
-        debug("$0: remote database checksum is not signed, continuing anyway!\n");
+        debug("$0: remote database checksum is not signed, continuing anyway: $m\n");
         $self->verification_status($r);
       } elsif ($r == $VS_GPG_UNAVAILABLE) {
         debug("$0: TLPDB: no gpg available, continuing anyway!\n");

Modified: trunk/Master/tlpkg/TeXLive/TLUtils.pm
===================================================================
--- trunk/Master/tlpkg/TeXLive/TLUtils.pm	2018-07-03 22:15:38 UTC (rev 48129)
+++ trunk/Master/tlpkg/TeXLive/TLUtils.pm	2018-07-03 22:24:07 UTC (rev 48130)
@@ -3908,7 +3908,8 @@
 
 =item C<< download_to_temp_or_file($url) >>
 
-If C<$url> tries to download the file into a temporary file.
+If C<$url> is a url, tries to download the file into a temporary file.
+Otherwise assume that C<$url> is a local file.
 In both cases returns the local file.
 
 Returns the local file name if succeeded, otherwise undef.



More information about the tex-live-commits mailing list