diff -Nru apt-1.0.1ubuntu2.15/apt-pkg/contrib/gpgv.cc apt-1.0.1ubuntu2.16/apt-pkg/contrib/gpgv.cc --- apt-1.0.1ubuntu2.15/apt-pkg/contrib/gpgv.cc 2014-09-30 00:23:17.000000000 +0200 +++ apt-1.0.1ubuntu2.16/apt-pkg/contrib/gpgv.cc 2016-12-06 16:18:16.000000000 +0100 @@ -247,6 +247,19 @@ } /*}}}*/ // SplitClearSignedFile - split message into data/signature /*{{{*/ +static int GetLineErrno(char **lineptr, size_t *n, FILE *stream, std::string const &InFile) +{ + int result; + + errno = 0; + result = getline(lineptr, n, stream); + if (errno != 0) { + _error->Errno("getline", "Could not read from %s", InFile.c_str()); + return -1; + } + + return result; +} bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile, std::vector * const ContentHeader, FileFd * const SignatureFile) { @@ -262,7 +275,7 @@ char *buf = NULL; size_t buf_size = 0; - while (getline(&buf, &buf_size, in) != -1) + while (GetLineErrno(&buf, &buf_size, in, InFile) != -1) { _strrstrip(buf); if (found_message_start == false) @@ -324,6 +337,11 @@ } fclose(in); + // An error occured during reading - propagate it up + if (_error->PendingError()) { + return false; + } + if (found_signature == true) return _error->Error("Signature in file %s wasn't closed", InFile.c_str()); diff -Nru apt-1.0.1ubuntu2.15/debian/changelog apt-1.0.1ubuntu2.16/debian/changelog --- apt-1.0.1ubuntu2.15/debian/changelog 2016-09-23 17:54:01.000000000 +0200 +++ apt-1.0.1ubuntu2.16/debian/changelog 2016-12-06 16:18:44.000000000 +0100 @@ -1,3 +1,11 @@ +apt (1.0.1ubuntu2.16) trusty-security; urgency=high + + * SECURITY UPDATE: gpgv: Check for errors during reading, esp. getline() + Thanks to Jann Horn, Google Project Zero for reporting the issue + (LP: #1647467) (CVE-2016-1252) + + -- Julian Andres Klode Tue, 06 Dec 2016 16:18:32 +0100 + apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using
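Review bot: In the new `GetLineErrno`, `result` and the return type are `int`, but `getline()` returns `ssize_t`. Where `ssize_t` is wider than `int`, a very long line's length is truncated and could collide with the `-1` sentinel that the caller's loop treats as end of input; declaring `ssize_t result = getline(lineptr, n, stream);` and returning `ssize_t` avoids that. The test `if (errno != 0)` also runs after successful calls, where POSIX leaves the value of errno unspecified, so `if (result == -1 && errno != 0) {` would tie the error report to an actual failure. The helper also sits directly under the `// SplitClearSignedFile` fold header with no comment of its own; a line such as `// GetLineErrno - getline() wrapper that records read errors in _error and returns -1` would document its contract.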
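Review bot: The `_error->PendingError()` test added after `fclose(in)` in the third gpgv.cc hunk consults the global error stack rather than the outcome of this read loop. An error that was already pending when SplitClearSignedFile was entered (not visible here) would also make it return false, with no message naming this file. Recording the read failure locally, for example through a flag the helper sets and the caller checks after the loop, keeps the decision tied to this read. No `free(buf)` is visible between the loop and the new `return false;`, and the function body continues outside the hunk, so confirm that the `getline()` buffer is released on this path. The added comment has a typo and should read `// An error occurred during reading - propagate it up`.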