author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:00:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:00:48 +0000 |
commit | 851b6a097165af4d51c0db01b5e05256e5006896 (patch) | |
tree | 5f7c388ec894a7806c49a99f3bdb605d0b299a7c /test/integration/test-cve-2018-0501-mirror-alternatives | |
parent | Initial commit. (diff) | |
Adding upstream version 2.6.1. (upstream/2.6.1, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/test-cve-2018-0501-mirror-alternatives')
-rwxr-xr-x | test/integration/test-cve-2018-0501-mirror-alternatives | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/test/integration/test-cve-2018-0501-mirror-alternatives b/test/integration/test-cve-2018-0501-mirror-alternatives new file mode 100755 index 0000000..f154547 --- /dev/null +++ b/test/integration/test-cve-2018-0501-mirror-alternatives @@ -0,0 +1,31 @@ +#!/bin/sh +set -e +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'foo' 'all' '1' 'stable' +setupaptarchive --no-update +changetohttpswebserver + +# User has mirror method configured in apt >= 1.6~alpha6 & +# Eve has enough MITM control over the network to +# a) have the mirror file include at least two mirrors and +# b) can send her bad InRelease files for both mirrors +sed -i -e 's# https:# mirror+https:#' -e 's#/ stable#/mirror.txt stable#' rootdir/etc/apt/sources.list.d/*-stable-* +echo "http://localhost:${APTHTTPPORT} +https://localhost:${APTHTTPSPORT}" > aptarchive/mirror.txt + +# real Eve would do something worse… +sed -i "/^Date: / a\ +Evil: yes" $(find ./aptarchive -name 'Release' -o -name 'InRelease') + +# progress display shows that the InRelease file was bad, +# but it is used anyhow as the bad file causes a fallback to +# a request to the second mirror which completes successful +# causing apt to believe the verify completed successfully… +testfailure apt update +testfailure grep '^Evil:' rootdir/var/lib/apt/lists/*Release +testfailure apt show foo |
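Review bot: The closing assertion `testfailure grep '^Evil:' rootdir/var/lib/apt/lists/*Release` passes for two different reasons: grep exits non-zero when a stored Release or InRelease file lacks the injected field, and also when the glob matches no file at all. Since the preceding `testfailure apt update` expects the update to fail, the second case is the likely one, so the grep adds little as written. Consider stating in a comment which outcome is intended, or checking explicitly that no `*Release` file exists under `rootdir/var/lib/apt/lists/` before (or instead of) the grep. Two smaller points: the comment block starting "progress display shows that the InRelease file was bad" describes the vulnerable behaviour ("it is used anyhow") while the assertions below it expect failure, so a line saying this is what happened before the fix would keep readers from taking it as the expected result; and the unquoted `$(find ./aptarchive -name 'Release' -o -name 'InRelease')` relies on word splitting, which `find ... -exec sed -i ... {} +` would avoid.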