From 63d609985eb7eefa5f2332bfe4fab96f017760a1 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Tue, 1 Sep 2015 13:58:00 +0200
Subject: use unusable-for-security hashes for integrity checks
We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
---
 apt-pkg/acquire-worker.cc | 6 +++
 apt-pkg/contrib/hashes.cc | 1 +
 test/integration/test-apt-helper | 34 +++++++++----
 .../test-ubuntu-bug-1098738-apt-get-source-md5sum | 56 +++++++++++++++-------
 test/libapt/hashsums_test.cc | 14 ++++++
 5 files changed, 85 insertions(+), 26 deletions(-)
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 176772dde..889768030 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -407,7 +407,13 @@ bool pkgAcquire::Worker::RunMessages()
 else if (Owner->HashesRequired() == true)
 consideredOkay = false;
 else
+ {
 consideredOkay = true;
+ // even if the hashes aren't usable to declare something secure
+ // we can at least use them to declare it an integrity failure
+ if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
+ consideredOkay = false;
+ }
 if (consideredOkay == true)
 consideredOkay = Owner->VerifyDone(Message, Config);
diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc
index 41a0037cd..5c0023dc7 100644
--- a/apt-pkg/contrib/hashes.cc
+++ b/apt-pkg/contrib/hashes.cc
@@ -136,6 +136,7 @@ APT_PURE bool HashString::usable() const /*{{{*/
 (Type != "MD5Sum")
 );
 }
+ /*}}}*/
 std::string HashString::toStr() const /*{{{*/
 {
 return Type + ":" + Hash;
diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper
index a303e944e..d6c8385af 100755
--- a/test/integration/test-apt-helper
+++ b/test/integration/test-apt-helper
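Review bot: The added `if` in apt-pkg/acquire-worker.cc skips the integrity comparison whenever `Acquire::ForceHash` has any non-empty value, and the comment above it does not say why. With that option set, a file covered only by hashes that are not usable for security is accepted in this branch without any comparison; presumably the list comparison honours ForceHash and would otherwise report a mismatch for a type the lists do not carry, but that is not visible in the hunk. I would state the reason next to the condition, for example `// ForceHash may name a type these lists do not carry, so skip the comparison then`, and consider still comparing when the forced type is present in ExpectedHashes. RunMessages() starts and ends outside the hunk.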
@@ -13,29 +13,45 @@ test_apt_helper_download() { echo 'foo' > aptarchive/foo echo 'bar' > aptarchive/foo2 - msgtest 'apt-file download-file sha1' + msgtest 'apt-file download-file' 'md5sum' + testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 + testfileequal ./downloaded/foo2 'foo' + + msgtest 'apt-file download-file' 'sha1' testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 testfileequal ./downloaded/foo1 'foo' - msgtest 'apt-file download-file sha256' + msgtest 'apt-file download-file' 'sha256' testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c testfileequal ./downloaded/foo3 'foo' - msgtest 'apt-file download-file no-hash' + msgtest 'apt-file download-file' 'no-hash' testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4 testfileequal ./downloaded/foo4 'foo' - - msgtest 'apt-file download-file wrong hash' - testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc + + msgtest 'apt-file download-file' 'wrong md5sum' + testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch E: Download Failed' testfileequal ./downloaded/foo5.FAILED 'foo' - msgtest 'apt-file download-file sha256 sha1' - testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f - testfileequal ./downloaded/foo6 'foo' + msgtest 'apt-file download-file' 'wrong sha256' + testfailure --nomsg apthelper -qq 
download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc + testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch + +E: Download Failed' + testfileequal ./downloaded/foo6.FAILED 'foo' + + msgtest 'apt-file download-file' 'sha256 sha1' + testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f + testfileequal ./downloaded/foo8 'foo' testfileequal ./downloaded/foo7 'bar' + + msgtest 'apt-file download-file' 'md5sum sha1' + testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f + testfileequal ./downloaded/foo9 'foo' + testfileequal ./downloaded/foo10 'bar' } test_apt_helper_detect_proxy() { diff --git a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum index 26b1393b7..f286f5650 100755 --- a/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum +++ b/test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum @@ -1,8 +1,4 @@ #!/bin/sh -# -# FIXME: this test is mostly meaningless now as we do not consider -# md5sum sufficient anyway. useful to test that it errors -# if not all hashes pass set -e TESTDIR=$(readlink -f $(dirname $0)) 
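Review bot: The new 'wrong md5sum' case in test/integration/test-apt-helper passes the truncated value `MD5Sum:aabbcc`, as the 'wrong sha256' case does, so both mismatch tests supply a digest of the wrong length. A digest of the correct length that simply differs from the file's own would also cover the case where only the value is wrong, which is the case an integrity check on a weak hash is there for. I would add a variant such as `testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo11 MD5Sum:<32-hex-digit digest of other content>` and check for the same 'Hash Sum mismatch' output.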
@@ -51,6 +47,15 @@ Checksums-Sha256: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz +Package: pkg-md5-bad +Binary: pkg-md5-bad +Version: 1.0 +Maintainer: Joe Sixpack +Architecture: all +Files: + aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc + bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz + Package: pkg-no-md5 Binary: pkg-no-md5 Version: 1.0 @@ -136,12 +141,13 @@ EOF # create fetchable files for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \ 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \ - 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do + 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \ + 'pkg-md5-bad'; do echo -n 'dsc' > aptarchive/${x}_1.0.dsc echo -n 'tar' > aptarchive/${x}_1.0.tar.gz done -setupaptarchive +setupaptarchive --no-update changetowebserver testsuccess aptget update @@ -174,6 +180,19 @@ Download complete and in download only mode" aptget source -d "$@" rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz } +testnohash() { + #FIXME: Maybe we should fail in this case instead of skipping + rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz + testsuccessequal "Reading package lists... +Building dependency tree... +Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication +Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication +Need to get 0 B of source archives. +Download complete and in download only mode" aptget source -d "$@" + msgtest 'Files are not downloaded for' "$1" + testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz +} + testmismatch() { rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz testfailureequal "Reading package lists... 
@@ -193,15 +212,17 @@ E: Failed to fetch some archives." aptget source -d "$@" msgtest 'Files were not download as they have hashsum mismatches for' "$1" testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz - rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz - testsuccessequal "Reading package lists... + if [ "$2" != '--allow-unauthenticated' ]; then + rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz + testsuccessequal "Reading package lists... Building dependency tree... -Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication -Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication +Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication +Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication Need to get 0 B of source archives. Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26 - msgtest 'Files were not download as hash is unavailable for' "$1" - testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz + msgtest 'Files were not download as hash is unavailable for' "$1" + testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz + fi rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz testsuccessequal "Reading package lists... @@ -214,8 +235,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz } -#testok pkg-md5-ok -#testkeep pkg-md5-ok +testnohash pkg-md5-ok testok pkg-sha256-ok testkeep pkg-sha256-ok 
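Review bot: The re-indented check `testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz` in testmismatch (hunk at -193,15) still joins the two existence tests with `-a`, so it passes as long as one of the two files is missing; the check after the hashsum-mismatch message a few lines above has the same form. The messages say that the files were not downloaded, and the testnohash helper added by this commit uses `-o` for the same kind of assertion. I would write `testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz` in both places so that a single file kept despite a hash mismatch is caught. testmismatch starts above the hunk.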
@@ -223,11 +243,13 @@ testkeep pkg-sha256-ok # checking the best available hash (as it should), this will trigger # a hash mismatch. testmismatch pkg-sha256-bad -testmismatch pkg-sha256-bad testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum +testnohash pkg-md5-bad +testmismatch pkg-md5-bad --allow-unauthenticated + # not having MD5 sum doesn't mean the file doesn't exist at all … -#testok pkg-no-md5 +testok pkg-no-md5 testok pkg-no-md5 -o Acquire::ForceHash=SHA256 testsuccessequal "Reading package lists... Building dependency tree... @@ -267,7 +289,7 @@ msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz # it gets even more pathologic: multiple entries for one file, some even disagreeing! -#testok pkg-md5-agree +testnohash pkg-md5-agree testfailureequal 'Reading package lists... Building dependency tree... E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree diff --git a/test/libapt/hashsums_test.cc b/test/libapt/hashsums_test.cc index 63c63ecd3..033493f84 100644 --- a/test/libapt/hashsums_test.cc +++ b/test/libapt/hashsums_test.cc @@ -306,6 +306,8 @@ TEST(HashSumsTest, HashStringList) EXPECT_EQ(NULL, list.find(NULL)); EXPECT_EQ(NULL, list.find("")); EXPECT_EQ(NULL, list.find("MD5Sum")); + EXPECT_EQ(NULL, list.find("ROT26")); + EXPECT_EQ(NULL, list.find("SHA1")); EXPECT_EQ(0, list.FileSize()); // empty lists aren't equal 
@@ -319,6 +321,18 @@ TEST(HashSumsTest, HashStringList)
 EXPECT_FALSE(list.usable());
 EXPECT_EQ(1, list.size());
 EXPECT_EQ(29, list.FileSize());
+ list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
+ EXPECT_FALSE(list.empty());
+ EXPECT_FALSE(list.usable());
+ EXPECT_EQ(2, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
+ EXPECT_TRUE(list.usable());
+ EXPECT_EQ(3, list.size());
+ EXPECT_EQ(29, list.FileSize());
+ EXPECT_TRUE(NULL != list.find("MD5Sum"));
+ EXPECT_TRUE(NULL != list.find("SHA1"));
 Hashes hashes;
 hashes.Add("The quick brown fox jumps over the lazy dog");
-- cgit v1.2.3
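Review bot: The assertions added to the HashStringList test cover find(), size() and usable() for a list holding MD5Sum, but none of them compares two lists that differ only in their MD5Sum value, which is the comparison the worker change in this commit relies on to report an integrity failure. If that is not already covered elsewhere in the file, I would add a case before the SHA1 entry is pushed that builds a second list with a different MD5Sum and expects the two lists to compare unequal while `list.usable()` is still false. The TEST body starts and ends outside the hunk.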