summaryrefslogtreecommitdiff
path: root/test/integration/test-cve-2019-3462-Release.gpg-payload
blob: fd0f9671331faabd5ac069b3dfa80ede3e5c3609 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/sh
set -e

# This is not covered by the CVE and harmless by itself, but used in
# the exploit and while harmless it is also pointless to allow it

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

export APT_DONT_SIGN='InRelease'

insertpackage 'unstable' 'foo' 'all' '1'
setupaptarchive
rm -rf rootdir/var/lib/apt/lists

verify() {
	testfailure apt update
	testsuccess grep '^  Detached signature file' rootdir/tmp/testfailure.output
	testfailure apt show foo
}

msgmsg 'Payload after detached signature'
find aptarchive -name 'Release.gpg' | while read FILE; do
	cp -a "$FILE" "${FILE}.bak"
	echo "evil payload" >> "$FILE"
done
verify

msgmsg 'Payload in-between detached signatures'
find aptarchive -name 'Release.gpg' | while read FILE; do
	cat "${FILE}.bak" >> "$FILE"
done
verify

msgmsg 'Payload before detached signature'
find aptarchive -name 'Release.gpg' | while read FILE; do
	echo "evil payload" > "$FILE"
	cat "${FILE}.bak" >> "$FILE"
done
verify