X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/34747d46be3a15105d896266d8043f55d04e7735..84eec207be35b8c117c430296d4c212b079c00c1:/test/integration/test-cve-2013-1051-InRelease-parsing diff --git a/test/integration/test-cve-2013-1051-InRelease-parsing b/test/integration/test-cve-2013-1051-InRelease-parsing index bd68fccf6..3cc012e35 100755 --- a/test/integration/test-cve-2013-1051-InRelease-parsing +++ b/test/integration/test-cve-2013-1051-InRelease-parsing @@ -1,8 +1,8 @@ #!/bin/sh set -e -TESTDIR=$(readlink -f $(dirname $0)) -. $TESTDIR/framework +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" setupenvironment configarchitecture 'i386' @@ -12,17 +12,17 @@ insertpackage 'stable' 'good-pkg' 'all' '1.0' setupaptarchive changetowebserver -ARCHIVE='http://localhost/' +ARCHIVE="http://localhost:${APTHTTPPORT}" msgtest 'Initial apt-get update should work with' 'InRelease' -aptget update -qq && msgpass || msgfail +testsuccess --nomsg aptget update # check that the setup is correct -testequal "good-pkg: +testsuccessequal "good-pkg: Installed: (none) Candidate: 1.0 Version table: - 1.0 0 - 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg + 1.0 500 + 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg # now exchange to the Packages file, note that this could be # done via MITM too @@ -37,25 +37,30 @@ sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/ / # we append the (evil unsigned) Release file to the (good signed) InRelease cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease +touch -d '+1hour' aptarchive/dists/stable/InRelease - -# ensure the update fails -# useful for debugging to add "-o Debug::pkgAcquire::auth=true" -msgtest 'apt-get update for should fail with the modified' 'InRelease' -aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail +# ensure the update doesn't load bad data as good data +# Note that we will pick up the InRelease itself as we download no other +# indexes which would trigger a hashsum mismatch, but we ignore the 'bad' +# part of the InRelease +listcurrentlistsdirectory | sed '/_InRelease/ d' > listsdir.lst +msgtest 'apt-get update should ignore unsigned data in the' 'InRelease' +testsuccessequal "Get:1 http://localhost:${APTHTTPPORT} stable InRelease [$(stat -c%s aptarchive/dists/stable/InRelease) B] +Reading package lists..." --nomsg aptget update +testfileequal './listsdir.lst' "$(listcurrentlistsdirectory | sed '/_InRelease/ d')" # ensure there is no package -testequal 'Reading package lists... +testfailureequal 'Reading package lists... Building dependency tree... E: Unable to locate package bad-mitm' aptget install bad-mitm -s # and verify that its not picked up -testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0 +testsuccessequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm # and that the right one is used -testequal "good-pkg: +testsuccessequal "good-pkg: Installed: (none) Candidate: 1.0 Version table: - 1.0 0 - 500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg + 1.0 500 + 500 ${ARCHIVE} stable/main all Packages" aptcache policy good-pkg