devuan
/
apt
10
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 27 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9213 Commits
3 Branches
65 MiB
 
 
 
 
 
 
Tree: e2965b0b6b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e2965b0b6b'
${ noResults }
apt/test/integration/test-cve-2019-3462-Release....

44 lines
1.0 KiB
Raw Blame History 

  1. #!/bin/sh

  2. set -e

  3. 

  4. # This is not covered by the CVE and harmless by itself, but used in

  5. # the exploit and while harmless it is also pointless to allow it

  6. 

  7. TESTDIR="$(readlink -f "$(dirname "$0")")"

  8. . "$TESTDIR/framework"

  9. 

  10. setupenvironment

  11. configarchitecture 'amd64'

  12. 

  13. export APT_DONT_SIGN='InRelease'

  14. 

  15. insertpackage 'unstable' 'foo' 'all' '1'

  16. setupaptarchive

  17. rm -rf rootdir/var/lib/apt/lists

  18. 

  19. verify() {

  20. 	testfailure apt update

  21. 	testsuccess grep '^  Detached signature file' rootdir/tmp/testfailure.output

  22. 	testfailure apt show foo

  23. }

  24. 

  25. msgmsg 'Payload after detached signature'

  26. find aptarchive -name 'Release.gpg' | while read FILE; do

  27. 	cp -a "$FILE" "${FILE}.bak"

  28. 	echo "evil payload" >> "$FILE"

  29. done

  30. verify

  31. 

  32. msgmsg 'Payload in-between detached signatures'

  33. find aptarchive -name 'Release.gpg' | while read FILE; do

  34. 	cat "${FILE}.bak" >> "$FILE"

  35. done

  36. verify

  37. 

  38. msgmsg 'Payload before detached signature'

  39. find aptarchive -name 'Release.gpg' | while read FILE; do

  40. 	echo "evil payload" > "$FILE"

  41. 	cat "${FILE}.bak" >> "$FILE"

  42. done

  43. verify