From 110078022a6c6103be8f557aef1e268c4b680d88 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 20 Feb 2020 12:49:15 +0100 Subject: Parse records including empty tag names correctly No sensible file should include these, but even insensible files do not gain unfair advantages with it as this parser does not deal with security critical files before they haven't passed other checks like signatures or hashsums. The problem is that the parser accepts and parses empty tag names correctly, but does not store the data parsed which will effect later passes over the data resulting e.g. in the following tag containing the name and value of the previous (empty) tag, its own tagname and its own value or a crash due to an attempt to access invalid memory depending on who passes over the data and what is done with it. This commit fixes both, the incidient of the crash reported by Anatoly Trosinenko who reproduced it via apt-sortpkgs: | $ cat /tmp/Packages-null | 0: | PACKAGE:0 | | : | PACKAGE: | | PACKAGE:: | $ apt-sortpkgs /tmp/Packages-null and the deeper parsing issue shown by the included testcase. Reported-By: Anatoly Trosinenko References: 8710a36a01c0cb1648926792c2ad05185535558e --- test/libapt/tagfile_test.cc | 58 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'test') diff --git a/test/libapt/tagfile_test.cc b/test/libapt/tagfile_test.cc index 8823ff781..919b46cdb 100644 --- a/test/libapt/tagfile_test.cc +++ b/test/libapt/tagfile_test.cc @@ -285,3 +285,61 @@ TEST(TagFileTest, Comments) EXPECT_FALSE(tfile.Step(section)); } + +TEST(TagFileTest, EmptyTagName) +{ + FileFd fd; + createTemporaryFile("emptytagname", fd, NULL, "0:\n" +"PACKAGE:0\n" +"\n" +":\n" +"PACKAGE:\n" +"\n" +"PACKAGE:\n" +":\n" +"\n" +"PACKAGE:\n" +":\n" +"Version:1\n" +"\n" +"PACKAGE::\n" + ); + pkgTagFile tfile(&fd); + pkgTagSection section; + ASSERT_TRUE(tfile.Step(section)); + EXPECT_EQ(2u, section.Count()); + EXPECT_TRUE(section.Exists("PACKAGE")); + EXPECT_EQ("0", section.FindS("PACKAGE")); + EXPECT_TRUE(section.Exists("0")); + EXPECT_EQ("", section.FindS("0")); + + ASSERT_TRUE(tfile.Step(section)); + EXPECT_EQ(2u, section.Count()); + EXPECT_TRUE(section.Exists("PACKAGE")); + EXPECT_EQ("", section.FindS("PACKAGE")); + EXPECT_TRUE(section.Exists("")); + EXPECT_EQ("", section.FindS("")); + + ASSERT_TRUE(tfile.Step(section)); + EXPECT_EQ(2u, section.Count()); + EXPECT_TRUE(section.Exists("PACKAGE")); + EXPECT_EQ("", section.FindS("PACKAGE")); + EXPECT_TRUE(section.Exists("")); + EXPECT_EQ("", section.FindS("")); + + ASSERT_TRUE(tfile.Step(section)); + EXPECT_EQ(3u, section.Count()); + EXPECT_TRUE(section.Exists("PACKAGE")); + EXPECT_EQ("", section.FindS("PACKAGE")); + EXPECT_TRUE(section.Exists("")); + EXPECT_EQ("", section.FindS("")); + EXPECT_TRUE(section.Exists("Version")); + EXPECT_EQ("1", section.FindS("Version")); + + ASSERT_TRUE(tfile.Step(section)); + EXPECT_EQ(1u, section.Count()); + EXPECT_TRUE(section.Exists("PACKAGE")); + EXPECT_EQ(":", section.FindS("PACKAGE")); + + EXPECT_FALSE(tfile.Step(section)); +} -- cgit v1.2.3