diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-10-23 16:54:00 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-10-24 23:54:59 +0200 |
| commit | 23397c9d7d4d455461176600bb45c81185493504 (patch) | |
| tree | d31bba61b1c04aa66f9a17dca19127dd94d8f65d /test/integration | |
| parent | 10e100e59a96ea7b6834a139beab5d9d70180633 (diff) | |
promote filesize to a hashstring
It is a very simple hashstring, which is why it isn't contributing to
the usability of a list of them, but it is also trivial to check and
calculate, so it doesn't hurt checking it either as it can combined even
with the simplest other hashes greatly complicate attacks on them as you
suddenly need a same-size hash collision, which is usually a lot harder
to achieve.
Diffstat (limited to 'test/integration')
| -rwxr-xr-x | test/integration/test-apt-update-filesize-mismatch | 55 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-hashsum-mismatch | 49 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-ims | 2 |
3 files changed, 105 insertions, 1 deletions
diff --git a/test/integration/test-apt-update-filesize-mismatch b/test/integration/test-apt-update-filesize-mismatch new file mode 100755 index 000000000..8c73c059e --- /dev/null +++ b/test/integration/test-apt-update-filesize-mismatch @@ -0,0 +1,55 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' +configcompression 'gz' + +insertpackage 'testing' 'foo' 'all' '1' +insertpackage 'testing' 'foo2' 'all' '1' +insertsource 'testing' 'foo' 'all' '1' +insertsource 'testing' 'foo2' 'all' '1' + +setupaptarchive --no-update +changetowebserver + +find aptarchive \( -name 'Packages' -o -name 'Sources' -o -name 'Translation-en' \) -delete +for release in $(find aptarchive -name 'Release'); do + cp "$release" "${release}.backup" +done + +testsuccess aptget update +testsuccess aptcache show foo +testsuccess aptget install foo -s + +for get in $(sed -n 's#^GET /\([^ ]\+\.gz\) HTTP.\+$#\1#p' aptarchive/webserver.log); do + for ext in '' '.gz'; do + COMPRESSFILE="$get" + get="${get}${ext}" + FILE="$(basename -s '.gz' "$get")" + msgmsg 'Test filesize mismatch with file' "$FILE" + rm -rf rootdir/var/lib/apt/lists + + for release in $(find aptarchive -name 'Release'); do + SIZE="$(awk "/$FILE\$/ { print \$2; exit }" "${release}.backup")" + sed "s# $SIZE # $(($SIZE + 111)) #" "${release}.backup" > "$release" + done + signreleasefiles + + TEST='testfailure' + if expr match "$COMPRESSFILE" '^.*Translation-.*$' >/dev/null; then + TEST='testsuccess' + unset COMPRESSFILE + fi + $TEST aptget update -o Debug::pkgAcquire::Worker=1 + cp rootdir/tmp/${TEST}.output rootdir/tmp/update.output + testsuccess grep -E "$(basename -s '.gz' "$COMPRESSFILE").*Hash Sum mismatch" rootdir/tmp/update.output + $TEST aptcache show foo + $TEST aptget install foo -s + + testfailure aptcache show bar + testfailure aptget install bar -s + done +done diff --git a/test/integration/test-apt-update-hashsum-mismatch b/test/integration/test-apt-update-hashsum-mismatch new file mode 100755 index 000000000..747418c53 --- /dev/null +++ b/test/integration/test-apt-update-hashsum-mismatch @@ -0,0 +1,49 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' +configcompression 'gz' + +insertpackage 'testing' 'foo' 'all' '1' +insertpackage 'testing' 'foo2' 'all' '1' +insertsource 'testing' 'foo' 'all' '1' +insertsource 'testing' 'foo2' 'all' '1' + +setupaptarchive --no-update +changetowebserver + +echo 'Package: bar +Maintainer: Doctor Evil <evil@example.com> +Description: come to the dark side +' > aptarchive/DoctorEvil +compressfile aptarchive/DoctorEvil + +find aptarchive \( -name 'Packages' -o -name 'Sources' -o -name 'Translation-en' \) -delete + +testsuccess aptget update +testsuccess aptcache show foo +testsuccess aptget install foo -s + +for get in $(sed -n 's#^GET /\([^ ]\+\.gz\) HTTP.\+$#\1#p' aptarchive/webserver.log); do + msgmsg 'Test hashsum mismatch with file' "$get" + rm -rf rootdir/var/lib/apt/lists + webserverconfig 'aptwebserver::overwrite' '' + webserverconfig "aptwebserver::overwrite::$(printf '%s' "${get}" | sed 's#/#%2F#g' )::filename" '%2FDoctorEvil.gz' + + TEST='testfailure' + if expr match "$get" '^.*Translation-.*$' >/dev/null; then + TEST='testsuccess' + unset get + fi + $TEST aptget update + cp rootdir/tmp/${TEST}.output rootdir/tmp/update.output + testsuccess grep -E "$(basename -s '.gz' "$get").*Hash Sum mismatch" rootdir/tmp/update.output + $TEST aptcache show foo + $TEST aptget install foo -s + + testfailure aptcache show bar + testfailure aptget install bar -s +done diff --git a/test/integration/test-apt-update-ims b/test/integration/test-apt-update-ims index afae99563..5394a9f30 100755 --- a/test/integration/test-apt-update-ims +++ b/test/integration/test-apt-update-ims @@ -30,7 +30,7 @@ runtest() { # ensure that we still do a hash check on ims hit msgtest 'Test I-M-S' 'reverify' - aptget update -o Debug::pkgAcquire::Auth=1 2>&1 | grep -A1 'RecivedHash:' | grep -q -- '- SHA' && msgpass || msgfail + aptget update -o Debug::pkgAcquire::Auth=1 2>&1 | grep -A2 'RecivedHash:' | grep -q -- '- SHA' && msgpass || msgfail # ensure no leftovers in partial testfailure ls "rootdir/var/lib/apt/lists/partial/*" |