Home Explore Help
Sign In
NitoTV
/
dpkg
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
dpkg
/
scripts
/
t
/
Dpkg_Source_Patch.t

Dpkg_Source_Patch.t 2.5 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. #!/usr/bin/perl
    2. 

  2. #
    3. 

  3. # This program is free software; you can redistribute it and/or modify
    4. 

  4. # it under the terms of the GNU General Public License as published by
    5. 

  5. # the Free Software Foundation; either version 2 of the License, or
    6. 

  6. # (at your option) any later version.
    7. 

  7. #
    8. 

  8. # This program is distributed in the hope that it will be useful,
    9. 

  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11. # GNU General Public License for more details.
    12. 

  12. #
    13. 

  13. # You should have received a copy of the GNU General Public License
    14. 

  14. # along with this program.  If not, see <https://www.gnu.org/licenses/>.
    15. 

  15. 

  16. use strict;
    17. 

  17. use warnings;
    18. 

  18. 

  19. use Test::More tests => 9;
    20. 

  20. use Test::Dpkg qw(:paths);
    21. 

  21. 

  22. use File::Path qw(make_path);
    23. 

  23. 

  24. BEGIN {
    25. 

  25.     use_ok('Dpkg::Source::Patch');
    26. 

  26. }
    27. 

  27. 

  28. my $datadir = test_get_data_path('t/Dpkg_Source_Patch');
    29. 

  29. my $tmpdir = 't.tmp/Dpkg_Source_Patch';
    30. 

  30. 

  31. sub test_patch_escape {
    32. 

  32.     my ($name, $symlink, $patchname, $desc) = @_;
    33. 

  33. 

  34.     make_path("$tmpdir/$name-tree");
    35. 

  35.     make_path("$tmpdir/$name-out");
    36. 

  36.     symlink "../$name-out", "$tmpdir/$name-tree/$symlink";
    37. 

  37. 

  38.     my $patch = Dpkg::Source::Patch->new(filename => "$datadir/$patchname");
    39. 

  39.     eval {
    40. 

  40.         $patch->apply("$tmpdir/$name-tree", verbose => 0);
    41. 

  41.     };
    42. 

  42.     ok(rmdir "$tmpdir/$name-out", $desc);
    43. 

  43. }
    44. 

  44. 

  45. # This is CVE-2014-0471 with GNU patch >= 2.7
    46. 

  46. test_patch_escape('c-style-parsed', "\tmp", 'c-style.patch',
    47. 

  47.                   'Patch cannot escape using known c-style encoded filename');
    48. 

  48. 

  49. # This is CVE-2014-0471 with GNU patch < 2.7
    50. 

  50. test_patch_escape('c-style-unknown', '\\tmp', 'c-style.patch',
    51. 

  51.                   'Patch cannot escape using unknown c-style encoded filename');
    52. 

  52. 

  53. # This is CVE-2014-3865
    54. 

  54. test_patch_escape('index-alone', 'symlink', 'index-alone.patch',
    55. 

  55.                   'Patch cannot escape using Index: w/o ---/+++ header');
    56. 

  56. test_patch_escape('index-+++', 'symlink', 'index-+++.patch',
    57. 

  57.                   'Patch cannot escape using Index: w/ only +++ header');
    58. 

  58. test_patch_escape('index-inert', 'symlink', 'index-inert.patch',
    59. 

  59.                   'Patch should not fail to apply using an inert Index:');
    60. 

  60. ok(-e "$tmpdir/index-inert-tree/inert-file",
    61. 

  61.    'Patch with inert Index: applies correctly');
    62. 

  62. 

  63. # This is CVE-2014-3864
    64. 

  64. test_patch_escape('partial', 'symlink', 'partial.patch',
    65. 

  65.                   'Patch cannot escape using partial +++ header');
    66. 

  66. 

  67. test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
    68. 

  68.                   'Patch cannot escape using a disabling hunk');
    69. 

  69. 

  70. 1;
    71. 

  71.