debianqueued: make pgp_check stricter

[dak.git] / tools / debianqueued-0.9 / debianqueued

diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued
index 8dd54c49957f8de534bbe71c8001a58d4fa355b4..1c29eb6849f391d2042a2ac56f36a95309368f7c 100755 (executable)
--- a/tools/debianqueued-0.9/debianqueued
+++ b/tools/debianqueued-0.9/debianqueued
@@ -1325,7 +1325,7 @@ outer_loop: while (<COMMANDS>) {
       } elsif ( $conf::upload_method ne "copy" ) {
         msg( "mail,log", "cancel not available\n" );
       } elsif (
-          $word[1] !~ m,$re_file_safe_prefix.changes\z, )
+          $word[1] !~ m,$re_file_safe_prefix\.changes\z, )
       {
         msg( "mail,log",
           "argument to cancel must be one .changes filename without path\n" );
@@ -1637,8 +1637,9 @@ sub pgp_check($) {
   my $output = "";
   my $signator;
   my $found = 0;
-  my $stat;
+  my $stat = 1;
   local (*PIPE);
+  local $_;
 
   if ($file =~ /$re_file_safe/) {
     $file = $1;
@@ -1647,7 +1648,41 @@ sub pgp_check($) {
     return "LOCAL ERROR";
   }
 
-  $stat = 1;
+  # check the file has only one clear-signed section
+  my $fh;
+  unless (open $fh, "<", $file) {
+         msg("log,mail", "Could not open $file\n");
+         return "";
+  }
+  unless (<$fh> eq "-----BEGIN PGP SIGNED MESSAGE-----\n") {
+         msg("log,mail", "$file: does not start with a clearsigned message\n");
+         return "";
+  }
+  my $pgplines = 1;
+  while (<$fh>) {
+         if (/\A- /) {
+                 msg("log,mail", "$file: dash-escaped messages are not accepted\n");
+                 return "";
+         }
+         elsif ($_ eq "-----BEGIN PGP SIGNATURE-----\n"
+                    || $_ eq "-----END PGP SIGNATURE-----\n") {
+                 $pgplines++;
+         }
+         elsif (/\A--/) {
+                 msg("log,mail", "$file: unexpected OpenPGP armor\n");
+                 return "";
+         }
+         elsif ($pgplines > 3 && /\S/) {
+                 msg("log,mail", "$file: found text after end of signature\n");
+                 return "";
+         }
+  }
+  if ($pgplines != 3) {
+         msg("log,mail", "$file: doesn't seem to be a valid clearsigned OpenPGP message\n");
+         return "";
+  }
+  close $fh;
+
   if ( -x $conf::gpg ) {
     my @command = ("$conf::gpg", "--no-options", "--batch", "--no-tty",
                    "--trust-model", "always", "--no-default-keyring",
@@ -2095,17 +2130,9 @@ sub check_incoming_writable() {
     unlink $file;
     ftp_cmd( "delete", $file );
   } elsif ( $conf::upload_method eq "copy" ) {
-    unlink("$main::current_targetdir/$testfile");
-    unless (open my $fh, ">>", "$main::current_targetdir/$testfile") {
+    unless(POSIX::access($main::current_targetdir, &POSIX::W_OK)) {
+      $msg = "No write access: $!";
       $stat = 1;
-      $msg = "Could not create $testfile: $!";
-    }
-    else {
-      close $fh;
-      unless (unlink("$main::current_targetdir/$testfile")) {
-        $stat = 1;
-        $msg = "Could not unlink file $testfile: $!";
-      }
     }
   }
   chomp($msg);