authorJulian Andres Klode <jak@debian.org>2019-02-01 14:40:06 +0000
committerJulian Andres Klode <jak@debian.org>2019-02-01 14:40:06 +0000
commitd5dcc2e9d3008b57c3fae0bcb5b1c2a197f5430c (patch)
tree18472bd719bbd40e687d58f09c578382ae6a72ac /test/integration/test-cve-2019-3462-Release.gpg-payload
parentb358bd64fc537de4e25c25b79de87346ec51a50c (diff)
parent8aa2053368d1bb82755164eaa36a10410b434c7c (diff)
Merge branch 'pu/refuseunsignedlines' into 'master'
Fail if InRelease or Release.gpg contain unsigned lines. See merge request apt-team/apt!45
Diffstat (limited to 'test/integration/test-cve-2019-3462-Release.gpg-payload')
-rwxr-xr-xtest/integration/test-cve-2019-3462-Release.gpg-payload43
1 files changed, 43 insertions, 0 deletions
diff --git a/test/integration/test-cve-2019-3462-Release.gpg-payload b/test/integration/test-cve-2019-3462-Release.gpg-payload
new file mode 100755
index 000000000..fd0f96713
--- /dev/null
+++ b/test/integration/test-cve-2019-3462-Release.gpg-payload
@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+
+# This is not covered by the CVE and harmless by itself, but used in
+# the exploit and while harmless it is also pointless to allow it
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'amd64'
+
+export APT_DONT_SIGN='InRelease'
+
+insertpackage 'unstable' 'foo' 'all' '1'
+setupaptarchive
+rm -rf rootdir/var/lib/apt/lists
+
+verify() {
+ testfailure apt update
+ testsuccess grep '^ Detached signature file' rootdir/tmp/testfailure.output
+ testfailure apt show foo
+}
+
+msgmsg 'Payload after detached signature'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ cp -a "$FILE" "${FILE}.bak"
+ echo "evil payload" >> "$FILE"
+done
+verify
+
+msgmsg 'Payload in-between detached signatures'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ cat "${FILE}.bak" >> "$FILE"
+done
+verify
+
+msgmsg 'Payload before detached signature'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ echo "evil payload" > "$FILE"
+ cat "${FILE}.bak" >> "$FILE"
+done
+verify
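Review bot: The three `while read FILE` loops (lines 49, 56 and 62) use `read` without `-r` and without clearing IFS, so a path containing backslashes or leading/trailing whitespace would be mangled before `cp`/`echo`/`cat` see it; `while IFS= read -r FILE; do` is the safe form in each loop. This is unlikely to matter for the paths the framework generates under aptarchive, but the test is also mutating `Release.gpg` in place and a mangled name would silently turn it into a no-op that still passes the `testfailure` checks. `verify` itself would read better with a header stating its contract, e.g. `# Assert that apt refuses the tampered Release.gpg: update fails, the` / `# 'Detached signature file' diagnostic is logged, and foo is not installable.`, since the three scenarios depend on exactly those three assertions.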