From 9e5899cac1a6367e3769af52a724821880e538f6 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 29 Jan 2018 16:15:41 +0100 Subject: Check that Date of Release file is not in the future By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes. --- apt-pkg/metaindex.cc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'apt-pkg/metaindex.cc') diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc index bdae6dcc9..8cbdb5e01 100644 --- a/apt-pkg/metaindex.cc +++ b/apt-pkg/metaindex.cc @@ -72,6 +72,13 @@ APT_PURE std::string metaIndex::GetReleaseNotes() const { return d->ReleaseNotes APT_PURE signed short metaIndex::GetDefaultPin() const { return d->DefaultPin; } APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcquireByHash; } APT_PURE time_t metaIndex::GetValidUntil() const { return ValidUntil; } +APT_PURE time_t metaIndex::GetNotBefore() const +{ + debReleaseIndex const *const deb = dynamic_cast(this); + if (deb != nullptr) + return deb->GetNotBefore(); + return 0; +} APT_PURE time_t metaIndex::GetDate() const { return this->Date; } APT_PURE metaIndex::TriState metaIndex::GetLoadedSuccessfully() const { return LoadedSuccessfully; } APT_PURE std::string metaIndex::GetExpectedDist() const { return Dist; } -- cgit v1.2.3