From: espie Date: Tue, 14 Jan 2014 10:05:58 +0000 (+0000) Subject: reorder signature checks, we can do much more upfront. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=dd3b786cfb3fe27b30956ab0ca03420c3d6e43f7;p=openbsd reorder signature checks, we can do much more upfront. clean up temp files always. use a regexp for allowed keys, put default key up in front still.
---
diff --git a/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm b/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
index 1bed9b71b09..adc558a2e80 100644
--- a/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
+++ b/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: AddCreateDelete.pm,v 1.20 2014/01/12 11:18:57 espie Exp $
+# $OpenBSD: AddCreateDelete.pm,v 1.21 2014/01/14 10:05:58 espie Exp $
 #
 # Copyright (c) 2007-2014 Marc Espie
 #
@@ -118,11 +118,10 @@ OpenBSD::Auto::cache(signer_list,
 my $value = `$cmd`;
 $value =~ s/\.//;
 chomp $value;
- my $previous = $value - 1;
 if ($self->defines('FW_UPDATE')) {
- return [$value."fw", $previous."fw"];
+ return [$value."fw", qr{^\d+fw$}];
 } else {
- return [$value."pkg", $previous."pkg"];
+ return [$value."pkg", qr{^\d+pkg$}];
 }
 }
 });
diff --git a/usr.sbin/pkg_add/OpenBSD/signify.pm b/usr.sbin/pkg_add/OpenBSD/signify.pm
index cebdf8f8731..fbe1dfd56b0 100644
--- a/usr.sbin/pkg_add/OpenBSD/signify.pm
+++ b/usr.sbin/pkg_add/OpenBSD/signify.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: signify.pm,v 1.9 2014/01/13 01:41:34 tedu Exp $
+# $OpenBSD: signify.pm,v 1.10 2014/01/14 10:05:58 espie Exp $
 #
 # Copyright (c) 2013-2014 Marc Espie
 #
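Review bot: In signer_list (AddCreateDelete.pm, second hunk) the new second entry `qr{^\d+pkg$}` trusts every key name made of digits plus the suffix, where the removed `$previous` code allowed only the current and the previous release. That widens the allow-list to any such key file present on the system, so the intended policy deserves a comment above the return, for example `# any release-numbered key name is accepted; trust then rests on which key files are installed`. The pattern is also looser than it reads: `$` still matches before a trailing newline and `\d` is not limited to ASCII digits, so `qr{\A[0-9]+pkg\z}` (and the same for the `fw` variant) is the tighter form. The enclosing sub starts outside the hunk.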
@@ -53,6 +53,19 @@ sub compute_signature
 sub check_signature
 {
 my ($plist, $state) = @_;
+
+ if (!$plist->has('signer')) {
+ $state->errsay("Invalid signed plist: no \@signer");
+ return 0;
+ }
+ my $signer = $plist->get('signer')->name;
+ my $pubkey = OpenBSD::Paths->signifykey($signer);
+ if (!-f $pubkey) {
+ $state->errsay("Can't find key #1 for signer #1", $pubkey,
+ $signer);
+ return 0;
+ }
+
 my $sig = $plist->get('digital-signature');
 my ($fh, $fname) = mkstemp("/tmp/pkgcontent.XXXXXXXXX");
 $plist->write_no_sig($fh);
@@ -60,30 +73,20 @@ sub check_signature
 print $fh2 $header, $sig->{b64sig}, "\n";
 close $fh;
 close $fh2;
-
- if (!$plist->has('signer')) {
- $state->errsay("Invalid signed plist: no \@signer");
+ my $rc = $state->system($cmd, '-p', $pubkey, '-V', '-m', $fname);
+ unlink $fname;
+ unlink $fname.$suffix;
+
+ if ($rc != 0) {
+ $state->log("Bad signature");
 return 0;
 }
- my $pubkey;
- my $signer = $plist->get('signer')->name;
- if (grep {$_ eq $signer} @{$state->signer_list}) {
- $pubkey = OpenBSD::Paths->signifykey($signer);
- if (!-f $pubkey) {
- $state->errsay("Can't find key #1 for signer #1",
- $pubkey, $signer);
- return 0;
- }
- } else {
+ if (!grep
+ {ref($_) eq 'Regexp' ? $signer =~ $_ : $_ eq $signer}
+ @{$state->signer_list}) {
 $state->errsay("Package signed by untrusted party #1",
 $signer);
 return 0;
 }
- if ($state->system($cmd, '-p', $pubkey, '-V', '-m', $fname) != 0) {
- $state->log("Bad signature");
- return 0;
- }
- unlink $fname;
- unlink $fname.$suffix;
 return 1;
 }
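Review bot: In check_signature the `@signer` name read from the packing list is now passed to `OpenBSD::Paths->signifykey($signer)`, tested with `-f`, and handed to signify as `-p $pubkey` before the allow-list `grep` at the end of the sub (last hunk) has looked at it. Whether a name containing path separators can get this far depends on the plist parser and on signifykey, neither of which is visible here, but as written a package-supplied string that has not been validated selects the key file used for verification. Moving the `if (!grep ... @{$state->signer_list})` block up to directly after `my $signer = $plist->get('signer')->name;` keeps the upfront checks and puts the trust decision ahead of any filesystem use of the name. In the last hunk the two `unlink` results are ignored, so a failed cleanup under /tmp goes unreported; a `$state->log` on failure would make that visible.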