diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 06:14:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 06:14:41 +0000 |
commit | 549a391d6438e828001eeeaf235b080c054a7bf3 (patch) | |
tree | 1bb6b1ea5987fa167a1d13abe82209cc882dd94b /test/integration/test-cve-2018-0501-mirror-alternatives | |
parent | Initial commit. (diff) | |
download | apt-upstream/2.2.4.tar.xz apt-upstream/2.2.4.zip |
Adding upstream version 2.2.4.upstream/2.2.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/test-cve-2018-0501-mirror-alternatives')
-rwxr-xr-x | test/integration/test-cve-2018-0501-mirror-alternatives | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/test/integration/test-cve-2018-0501-mirror-alternatives b/test/integration/test-cve-2018-0501-mirror-alternatives new file mode 100755 index 0000000..f154547 --- /dev/null +++ b/test/integration/test-cve-2018-0501-mirror-alternatives @@ -0,0 +1,31 @@ +#!/bin/sh +set -e +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +buildsimplenativepackage 'foo' 'all' '1' 'stable' +setupaptarchive --no-update +changetohttpswebserver + +# User has mirror method configured in apt >= 1.6~alpha6 & +# Eve has enough MITM control over the network to +# a) have the mirror file include at least two mirrors and +# b) can send her bad InRelease files for both mirrors +sed -i -e 's# https:# mirror+https:#' -e 's#/ stable#/mirror.txt stable#' rootdir/etc/apt/sources.list.d/*-stable-* +echo "http://localhost:${APTHTTPPORT} +https://localhost:${APTHTTPSPORT}" > aptarchive/mirror.txt + +# real Eve would do something worse… +sed -i "/^Date: / a\ +Evil: yes" $(find ./aptarchive -name 'Release' -o -name 'InRelease') + +# progress display shows that the InRelease file was bad, +# but it is used anyhow as the bad file causes a fallback to +# a request to the second mirror which completes successful +# causing apt to believe the verify completed successfully… +testfailure apt update +testfailure grep '^Evil:' rootdir/var/lib/apt/lists/*Release +testfailure apt show foo |