Startseite Erkunden Hilfe
Anmelden
NitoTV
/
apt
Beobachten 2
Favorit hinzufügen 0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Branch: master
Branches Tags
apt
/
test
/
integration
/
test-cve-2013-1051-InRelease-parsing

test-cve-2013-1051-InRelease-parsing 2.3 KB
Permalink Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. #!/bin/sh
    2. 

  2. set -e
    3. 

  3. 

  4. TESTDIR="$(readlink -f "$(dirname "$0")")"
    5. 

  5. . "$TESTDIR/framework"
    6. 

  6. 

  7. setupenvironment
    8. 

  8. configarchitecture 'i386'
    9. 

  9. 

  10. insertpackage 'stable' 'good-pkg' 'all' '1.0'
    11. 

  11. 

  12. setupaptarchive
    13. 

  13. 

  14. changetowebserver
    15. 

  15. ARCHIVE="http://localhost:${APTHTTPPORT}"
    16. 

  16. msgtest 'Initial apt-get update should work with' 'InRelease'
    17. 

  17. testsuccess --nomsg aptget update
    18. 

  18. 

  19. # check that the setup is correct
    20. 

  20. testsuccessequal "good-pkg:
    21. 

  21.   Installed: (none)
    22. 

  22.   Candidate: 1.0
    23. 

  23.   Version table:
    24. 

  24.      1.0 500
    25. 

  25.         500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg
    26. 

  26. 

  27. # now exchange to the Packages file, note that this could be
    28. 

  28. # done via MITM too
    29. 

  29. insertpackage 'stable' 'bad-mitm' 'all' '1.0'
    30. 

  30. 

  31. # this builds compressed files and a new (unsigned) Release
    32. 

  32. buildaptarchivefromfiles '+1hour'
    33. 

  33. 

  34. # add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
    35. 

  35. # to trick apt - this is still legal to gpg(v)
    36. 

  36. sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/  /g'  aptarchive/dists/stable/InRelease
    37. 

  37. 

  38. # we append the (evil unsigned) Release file to the (good signed) InRelease
    39. 

  39. cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
    40. 

  40. touch -d '+1hour' aptarchive/dists/stable/InRelease
    41. 

  41. 

  42. # ensure the update doesn't load bad data as good data
    43. 

  43. # Note that we will pick up the InRelease itself as we download no other
    44. 

  44. # indexes which would trigger a hashsum mismatch, but we ignore the 'bad'
    45. 

  45. # part of the InRelease
    46. 

  46. listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst
    47. 

  47. msgtest 'apt-get update should ignore unsigned data in the' 'InRelease'
    48. 

  48. testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B]
    49. 

  49. Reading package lists..." --nomsg aptget update
    50. 

  50. testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')"
    51. 

  51. 

  52. # ensure there is no package
    53. 

  53. testfailureequal 'Reading package lists...
    54. 

  54. Building dependency tree...
    55. 

  55. E: Unable to locate package bad-mitm' aptget install bad-mitm -s
    56. 

  56. 

  57. # and verify that its not picked up
    58. 

  58. testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
    59. 

  59. 

  60. # and that the right one is used
    61. 

  61. testsuccessequal "good-pkg:
    62. 

  62.   Installed: (none)
    63. 

  63.   Candidate: 1.0
    64. 

  64.   Version table:
    65. 

  65.      1.0 500
    66. 

  66.         500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg
    67. 

  67.