diff options
author | David Kalnischkies <david@kalnischkies.de> | 2020-07-08 17:51:40 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2020-12-18 19:02:05 +0100 |
commit | 97be873d782c5e9aaa8b4f4f4e6e18805d0fa51c (patch) | |
tree | e04d92ccbba4e17b1e6b8655df0de8defed98bcb /test/integration/test-cve-2019-3462-dequote-injection | |
parent | ece7f5bb0afee0994a4fb4380e756ce725fe67a9 (diff) |
Proper URI encoding for config requests to our test webserver
Our http method encodes the URI again which results in the double
encoding we have unwrap in the webserver (we did already, but we skip
the filename handling now which does the first decode).
Diffstat (limited to 'test/integration/test-cve-2019-3462-dequote-injection')
-rwxr-xr-x | test/integration/test-cve-2019-3462-dequote-injection | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/test/integration/test-cve-2019-3462-dequote-injection b/test/integration/test-cve-2019-3462-dequote-injection index a1adec6de..74ab03ba5 100755 --- a/test/integration/test-cve-2019-3462-dequote-injection +++ b/test/integration/test-cve-2019-3462-dequote-injection @@ -15,13 +15,12 @@ ORIGINAL_SIZE=$(wc -c aptarchive/pool/alpha_1_all.deb | awk '{print $1}') SHA256="DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF" changetowebserver -webserverconfig aptwebserver::redirect::replace::alpha_1_all.deb "beeta_1_all.deb%250a%250a201%2520URI%2520Done%250aURI:%2520http://localhost:${APTHTTPPORT}/pool/beeta_1_all.deb%250aFilename:%2520${TMPWORKINGDIRECTORY}/rootdir/var/cache/apt/archives/partial/alpha_1_all.deb%250aSize:%252020672%250aLast-Modified:%2520Fri,%252018%2520Jan%25202019%252009:52:02%2520+0000%250aSHA256-Hash:%2520${SHA256}%250aChecksum-FileSize-Hash:%252012345%250a%250a%0a" +runwithbaduri() { + webserverconfig aptwebserver::redirect::replace::alpha_1_all.deb "$1" + testsuccess apt update -o debug::http=1 -o debug::pkgacquire::worker=1 -testsuccess apt update -o debug::http=1 -o debug::pkgacquire::worker=1 - - -testfailureequal "Reading package lists... + testfailureequal "Reading package lists... Building dependency tree... The following NEW packages will be installed: alpha @@ -32,8 +31,10 @@ Err:1 http://localhost:${APTHTTPPORT} unstable/main all alpha all 1 SECURITY: URL redirect target contains control characters, rejecting. E: Failed to fetch http://localhost:${APTHTTPPORT}/pool/alpha_1_all.deb SECURITY: URL redirect target contains control characters, rejecting. E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?" aptget install alpha - - +} +runwithbaduri "beeta_1_all.deb%0a%0a201%20URI%20Done%0aURI:%20http://localhost:${APTHTTPPORT}/pool/beeta_1_all.deb%0aFilename:%20${TMPWORKINGDIRECTORY}/rootdir/var/cache/apt/archives/partial/alpha_1_all.deb%0aSize:%2020672%0aLast-Modified:%20Fri,%2018%20Jan%202019%2009:52:02%20+0000%0aSHA256-Hash:%20${SHA256}%0aChecksum-FileSize-Hash:%2012345%0a%0a%0a" +rm -rf rootdir/var/lib/apt/lists +runwithbaduri "beeta_1_all.deb%250a%250a201%2520URI%2520Done%250aURI:%2520http://localhost:${APTHTTPPORT}/pool/beeta_1_all.deb%250aFilename:%2520${TMPWORKINGDIRECTORY}/rootdir/var/cache/apt/archives/partial/alpha_1_all.deb%250aSize:%252020672%250aLast-Modified:%2520Fri,%252018%2520Jan%25202019%252009:52:02%2520+0000%250aSHA256-Hash:%2520${SHA256}%250aChecksum-FileSize-Hash:%252012345%250a%250a%0a" # For reference, the following is the original reproducer/bug. It has # been disabled using exit 0, as it will fail in fixed versions. |