ソースを参照

Fix regression for file:/// uris from CVE-2014-0487

Do not run ReverifyAfterIMS() for local file URIs as this will
causes apt to mess around in the file:/// uri space. This is
wrong in itself, but it will also cause a incorrect verification
failure when the archive and the lists directory are on different
partitions as rename().
Michael Vogt 11 年 前
コミット
daff4aa356
共有2 個のファイルを変更した33 個の追加12 個の削除を含む
  1. 6 12
      apt-pkg/acquire-item.cc
  2. 27 0
      test/integration/test-apt-update-file

+ 6 - 12
apt-pkg/acquire-item.cc

@@ -1120,12 +1120,6 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash,
    string FileName = LookupTag(Message,"Alt-Filename");
    string FileName = LookupTag(Message,"Alt-Filename");
    if (FileName.empty() == false)
    if (FileName.empty() == false)
    {
    {
-      // The files timestamp matches
-      if (StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false) == true)
-      {
-         ReverifyAfterIMS(FileName);
-         return;
-      }
       Decompression = true;
       Decompression = true;
       Local = true;
       Local = true;
       DestFile += ".decomp";
       DestFile += ".decomp";
@@ -1142,18 +1136,18 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash,
       ErrorText = "Method gave a blank filename";
       ErrorText = "Method gave a blank filename";
    }
    }
 
 
+   if (FileName == DestFile)
+      Erase = true;
+   else
+      Local = true;
+
    // The files timestamp matches
    // The files timestamp matches
-   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
+   if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
    {
    {
       ReverifyAfterIMS(FileName);
       ReverifyAfterIMS(FileName);
       return;
       return;
    }
    }
 
 
-   if (FileName == DestFile)
-      Erase = true;
-   else
-      Local = true;
-   
    string decompProg;
    string decompProg;
 
 
    // If we enable compressed indexes, queue for hash verification
    // If we enable compressed indexes, queue for hash verification

+ 27 - 0
test/integration/test-apt-update-file

@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# Ensure that we do not modify file:/// uris (regression test for
+# CVE-2014-0487
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "amd64"
+configcompression 'bz2' 'gz' 
+
+insertpackage 'unstable' 'foo' 'all' '1.0'
+
+umask 022
+setupaptarchive --no-update
+
+# ensure the archive is not writable
+chmod 550 aptarchive/dists/unstable/main/binary-amd64
+
+testsuccess aptget update -qq
+testsuccess aptget update -qq
+
+# the cleanup should still work
+chmod 750 aptarchive/dists/unstable/main/binary-amd64