summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2018-01-29 16:15:41 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2018-02-19 16:05:01 +0100
commit9e5899cac1a6367e3769af52a724821880e538f6 (patch)
tree4c7add81aeb5f851ce764697b03e3778391f9cbc /test
parent38d444af2632219ab399dabadaaefaa4dcdd6ebf (diff)
downloadapt-9e5899cac1a6367e3769af52a724821880e538f6.tar.gz
Check that Date of Release file is not in the future
By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes.
Diffstat (limited to 'test')
-rw-r--r--test/integration/framework2
-rwxr-xr-xtest/integration/test-releasefile-date46
2 files changed, 48 insertions, 0 deletions
diff --git a/test/integration/framework b/test/integration/framework
index ecce46d2e..bc84de184 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -460,6 +460,8 @@ EOF
echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=no
echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
+ # Allow release files to be 10 hours in the future, rather than 10 seconds
+ echo 'Acquire::Max-FutureTime "'$((10 * 60 * 60))'";' > rootdir/etc/apt/apt.conf.d/future-time
configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
confighashes 'SHA256' # these are tests, not security best-practices
diff --git a/test/integration/test-releasefile-date b/test/integration/test-releasefile-date
new file mode 100755
index 000000000..a98507408
--- /dev/null
+++ b/test/integration/test-releasefile-date
@@ -0,0 +1,46 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'wheezy' 'apt' 'all' '0.8.15'
+
+getlabelfromsuite() {
+ echo -n 'Testcases'
+}
+
+setupaptarchive --no-update
+
+runtest() {
+ local MSG="$1"
+ msgtest "Release file is $MSG as it has" "$2"
+ rm -rf rootdir/var/lib/apt/lists
+ generatereleasefiles "$3"
+ signreleasefiles
+ shift 3
+ if [ "$MSG" = 'accepted' ]; then
+ testsuccess --nomsg aptget update "$@"
+ testfailure grep -q 'is not valid yet' rootdir/tmp/testsuccess.output
+ else
+ testfailure --nomsg aptget update "$@"
+ testsuccess grep -q 'is not valid yet' rootdir/tmp/testfailure.output
+ fi
+}
+
+
+runtest 'accepted' 'no date' ''
+runtest 'accepted' 'ok date' 'now + 1 hour'
+runtest 'rejected' 'date to far in the future' 'now + 12 hours'
+runtest 'accepted' 'date to far in the future, but accepted via option' 'now + 12 hours' -o Acquire::Max-FutureTime=86400
+
+sed -i -e 's#\(deb\(-src\)\?\) #\1 [check-date=no] #' rootdir/etc/apt/sources.list.d/*
+runtest 'accepted' 'bad Date but overridden by sources option' 'now + 1 day'
+
+sed -i -e 's#\(deb\(-src\)\?\) \[.*\] #\1 [date-max-future=86400] #' rootdir/etc/apt/sources.list.d/*
+runtest 'accepted' 'Date allowed via sources list option via sources option' 'now + 12 hours'
+
+sed -i -e 's#\(deb\(-src\)\?\) \[.*\] #\1 [date-max-future=86405] #' rootdir/etc/apt/sources.list.d/*
+runtest 'rejected' 'Date further in the future than allowed by sources.list option' 'now + 2 day'