
use unusable-for-security hashes for integrity checks

We want to declare some hashes as not enough for security, so that a
user will need --allow-unauthenticated or similar to get data secured
only by those hashes, but we can still use these hashes for integrity
checks if we got them.
tags/debian/1.1.exp12
David Kalnischkies 6 years ago
parent
commit
63d609985e
5 changed files with 85 additions and 26 deletions
  1. +6
    -0
      apt-pkg/acquire-worker.cc
  2. +1
    -0
      apt-pkg/contrib/hashes.cc
  3. +25
    -9
      test/integration/test-apt-helper
  4. +39
    -17
      test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum
  5. +14
    -0
      test/libapt/hashsums_test.cc

+ 6
- 0
apt-pkg/acquire-worker.cc View File

@@ -407,7 +407,13 @@ bool pkgAcquire::Worker::RunMessages()
else if (Owner->HashesRequired() == true)
consideredOkay = false;
else
{
consideredOkay = true;
// even if the hashes aren't usable to declare something secure
// we can at least use them to declare it an integrity failure
if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
consideredOkay = false;
}

if (consideredOkay == true)
consideredOkay = Owner->VerifyDone(Message, Config);
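Review bot: The mismatch check added in the final `else` branch is switched off by any non-empty `Acquire::ForceHash` value, because the condition only tests `_config->Find("Acquire::ForceHash").empty()` and never looks at which hash the option names. In this branch hashes are not required, so this comparison is the only integrity check visible here; whether `Owner->VerifyDone` still compares the forced hash afterwards cannot be seen from this hunk. I would document the exemption next to the condition, for example `// ForceHash set: skip the all-hashes comparison, the forced hash is expected to be checked by the item itself` once that is confirmed. Alternatively, narrow the skip to values that `ExpectedHashes.find()` actually resolves, so an unknown name does not disable the check. `RunMessages` starts and ends outside the hunk.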


+ 1
- 0
apt-pkg/contrib/hashes.cc View File

@@ -136,6 +136,7 @@ APT_PURE bool HashString::usable() const /*{{{*/
(Type != "MD5Sum")
);
}
/*}}}*/
std::string HashString::toStr() const /*{{{*/
{
return Type + ":" + Hash;


+ 25
- 9
test/integration/test-apt-helper View File

@@ -13,29 +13,45 @@ test_apt_helper_download() {
echo 'foo' > aptarchive/foo
echo 'bar' > aptarchive/foo2

msgtest 'apt-file download-file sha1'
msgtest 'apt-file download-file' 'md5sum'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00
testfileequal ./downloaded/foo2 'foo'

msgtest 'apt-file download-file' 'sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
testfileequal ./downloaded/foo1 'foo'

msgtest 'apt-file download-file sha256'
msgtest 'apt-file download-file' 'sha256'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
testfileequal ./downloaded/foo3 'foo'

msgtest 'apt-file download-file no-hash'
msgtest 'apt-file download-file' 'no-hash'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4
testfileequal ./downloaded/foo4 'foo'
msgtest 'apt-file download-file wrong hash'
testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc
msgtest 'apt-file download-file' 'wrong md5sum'
testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc
testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch

E: Download Failed'
testfileequal ./downloaded/foo5.FAILED 'foo'

msgtest 'apt-file download-file sha256 sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
testfileequal ./downloaded/foo6 'foo'
msgtest 'apt-file download-file' 'wrong sha256'
testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc
testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch

E: Download Failed'
testfileequal ./downloaded/foo6.FAILED 'foo'

msgtest 'apt-file download-file' 'sha256 sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
testfileequal ./downloaded/foo8 'foo'
testfileequal ./downloaded/foo7 'bar'

msgtest 'apt-file download-file' 'md5sum sha1'
testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
testfileequal ./downloaded/foo9 'foo'
testfileequal ./downloaded/foo10 'bar'
}

test_apt_helper_detect_proxy() {
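Review bot: The mismatch cases pass `aabbcc` as the expected digest (`MD5Sum:aabbcc`, `SHA256:aabbcc`), which is not a well-formed value for either algorithm, so they do not show that a correctly sized but wrong digest is rejected by the comparison itself. If the helper ever rejects malformed digests up front, these cases would keep passing without exercising the integrity check this commit adds. One extra case per algorithm with a full-length wrong digest (for MD5Sum, 32 hex characters that differ from the real sum), using the same `Hash Sum mismatch` and `.FAILED` assertions, would pin that path. `test_apt_helper_download` begins above the hunk.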


+ 39
- 17
test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum View File

@@ -1,8 +1,4 @@
#!/bin/sh
#
# FIXME: this test is mostly meaningless now as we do not consider
# md5sum sufficient anyway. useful to test that it errors
# if not all hashes pass
set -e

TESTDIR=$(readlink -f $(dirname $0))
@@ -51,6 +47,15 @@ Checksums-Sha256:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz

Package: pkg-md5-bad
Binary: pkg-md5-bad
Version: 1.0
Maintainer: Joe Sixpack <joe@example.org>
Architecture: all
Files:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz

Package: pkg-no-md5
Binary: pkg-no-md5
Version: 1.0
@@ -136,12 +141,13 @@ EOF
# create fetchable files
for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do
'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
'pkg-md5-bad'; do
echo -n 'dsc' > aptarchive/${x}_1.0.dsc
echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
done

setupaptarchive
setupaptarchive --no-update
changetowebserver
testsuccess aptget update

@@ -174,6 +180,19 @@ Download complete and in download only mode" aptget source -d "$@"
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
}

testnohash() {
#FIXME: Maybe we should fail in this case instead of skipping
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
Building dependency tree...
Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" aptget source -d "$@"
msgtest 'Files are not downloaded for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
}

testmismatch() {
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testfailureequal "Reading package lists...
@@ -193,15 +212,17 @@ E: Failed to fetch some archives." aptget source -d "$@"
msgtest 'Files were not download as they have hashsum mismatches for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz

rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
if [ "$2" != '--allow-unauthenticated' ]; then
rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
Building dependency tree...
Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication
Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
Need to get 0 B of source archives.
Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
msgtest 'Files were not download as hash is unavailable for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
msgtest 'Files were not download as hash is unavailable for' "$1"
testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
fi

rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
testsuccessequal "Reading package lists...
@@ -214,8 +235,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat
testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
}

#testok pkg-md5-ok
#testkeep pkg-md5-ok
testnohash pkg-md5-ok
testok pkg-sha256-ok
testkeep pkg-sha256-ok

@@ -223,11 +243,13 @@ testkeep pkg-sha256-ok
# checking the best available hash (as it should), this will trigger
# a hash mismatch.
testmismatch pkg-sha256-bad
testmismatch pkg-sha256-bad
testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum

testnohash pkg-md5-bad
testmismatch pkg-md5-bad --allow-unauthenticated

# not having MD5 sum doesn't mean the file doesn't exist at all …
#testok pkg-no-md5
testok pkg-no-md5
testok pkg-no-md5 -o Acquire::ForceHash=SHA256
testsuccessequal "Reading package lists...
Building dependency tree...
@@ -267,7 +289,7 @@ msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed
testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz

# it gets even more pathologic: multiple entries for one file, some even disagreeing!
#testok pkg-md5-agree
testnohash pkg-md5-agree
testfailureequal 'Reading package lists...
Building dependency tree...
E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree
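Review bot: In `testmismatch` the "hash is unavailable" assertion inside the new `if [ "$2" != '--allow-unauthenticated' ]` block uses `test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz` under `testfailure`, which only fails when both files exist. A run that fetched just one of the two files despite the skip message would therefore still pass. The new `testnohash` helper already uses `-o` for the same check, and this block should match it: `testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz`. Parts of `testmismatch` lie between the hunks, so the remaining `-a` checks there should be reviewed against what each one is meant to guarantee.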


+ 14
- 0
test/libapt/hashsums_test.cc View File

@@ -306,6 +306,8 @@ TEST(HashSumsTest, HashStringList)
EXPECT_EQ(NULL, list.find(NULL));
EXPECT_EQ(NULL, list.find(""));
EXPECT_EQ(NULL, list.find("MD5Sum"));
EXPECT_EQ(NULL, list.find("ROT26"));
EXPECT_EQ(NULL, list.find("SHA1"));
EXPECT_EQ(0, list.FileSize());

// empty lists aren't equal
@@ -319,6 +321,18 @@ TEST(HashSumsTest, HashStringList)
EXPECT_FALSE(list.usable());
EXPECT_EQ(1, list.size());
EXPECT_EQ(29, list.FileSize());
list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
EXPECT_FALSE(list.empty());
EXPECT_FALSE(list.usable());
EXPECT_EQ(2, list.size());
EXPECT_EQ(29, list.FileSize());
EXPECT_TRUE(NULL != list.find("MD5Sum"));
list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
EXPECT_TRUE(list.usable());
EXPECT_EQ(3, list.size());
EXPECT_EQ(29, list.FileSize());
EXPECT_TRUE(NULL != list.find("MD5Sum"));
EXPECT_TRUE(NULL != list.find("SHA1"));

Hashes hashes;
hashes.Add("The quick brown fox jumps over the lazy dog");
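Review bot: The added assertions cover `usable()`, `size()` and `find()` for a list holding `MD5Sum`, but nothing in the visible hunks compares two lists whose only hashes are unusable ones. That comparison is what the new worker check depends on (`ReceivedHashes != ExpectedHashes`). Two assertions after the `MD5Sum` push would pin it: build a second list that differs only in the `MD5Sum` value and `EXPECT_TRUE(list != other)`, then one with the same value and `EXPECT_TRUE(list == other)`. The `HashStringList` test body starts and ends outside these hunks, so such a case may already exist elsewhere in it.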

