summaryrefslogtreecommitdiffstats
path: root/test/integration/test-cve-2019-3462-Release.gpg-payload
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 09:59:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 09:59:37 +0000
commit76e2632459410dec81337edb6a9fee33c9a660f3 (patch)
treea73345df208eede4a4daad340515c9328f34625c /test/integration/test-cve-2019-3462-Release.gpg-payload
parentInitial commit. (diff)
downloadapt-76e2632459410dec81337edb6a9fee33c9a660f3.tar.xz
apt-76e2632459410dec81337edb6a9fee33c9a660f3.zip
Adding upstream version 2.7.12.upstream/2.7.12
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/test-cve-2019-3462-Release.gpg-payload')
-rwxr-xr-xtest/integration/test-cve-2019-3462-Release.gpg-payload43
1 files changed, 43 insertions, 0 deletions
diff --git a/test/integration/test-cve-2019-3462-Release.gpg-payload b/test/integration/test-cve-2019-3462-Release.gpg-payload
new file mode 100755
index 0000000..fd0f967
--- /dev/null
+++ b/test/integration/test-cve-2019-3462-Release.gpg-payload
@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+
+# This is not covered by the CVE and harmless by itself, but used in
+# the exploit and while harmless it is also pointless to allow it
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'amd64'
+
+export APT_DONT_SIGN='InRelease'
+
+insertpackage 'unstable' 'foo' 'all' '1'
+setupaptarchive
+rm -rf rootdir/var/lib/apt/lists
+
+verify() {
+ testfailure apt update
+ testsuccess grep '^ Detached signature file' rootdir/tmp/testfailure.output
+ testfailure apt show foo
+}
+
+msgmsg 'Payload after detached signature'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ cp -a "$FILE" "${FILE}.bak"
+ echo "evil payload" >> "$FILE"
+done
+verify
+
+msgmsg 'Payload in-between detached signatures'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ cat "${FILE}.bak" >> "$FILE"
+done
+verify
+
+msgmsg 'Payload before detached signature'
+find aptarchive -name 'Release.gpg' | while read FILE; do
+ echo "evil payload" > "$FILE"
+ cat "${FILE}.bak" >> "$FILE"
+done
+verify