author: Guillem Jover <guillem@debian.org> 2017-03-19 19:40:14 +0100
committer: Guillem Jover <guillem@debian.org> 2017-05-17 05:57:04 +0200
commit: 7c77a05faaff3e23ca39f27e946f4edee5b8b144
tree: 98af65813ac2ec49c3b24e8d7e9808303ae9b8ee /scripts/t
parent: 3a9f07899770432d25990e4cdd78974f8821520a

Dpkg::Source::Patch: Indented patch test-case

POSIX specifies that a diff hunk can be indented by spaces or tabs (while the original patch(1) by Larry Wall also accepts 'X'), as long as the amount of spaces is consistent for all subsequent lines.

And as we are not checking for this condition at all, any such indented hunk can avoid the sanity checks performed by Dpkg::Source::Patch.

On systems using GNU patch >= 2.7.5, this should, in principle, not be a problem anymore, as that implementation protects against directory traversal issues. But on other systems where the patch implementation does not perform such checks (such as the BSDs) this is an issue, so check for this in the test-suite.

Those are arguably all security issues in these various patch implementations, but given that we are performing sanity checks and that those implementations are currently very lax, it seems prudent to do the heavy lifting ourselves and also take the possible blame too.

Ref: CVE-2017-8283
Stable-Candidate: 1.17.x
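
The bypass described in the commit message, as an added example (not dpkg's code and not part of this commit): a header scan that only looks at column 0, next to one that accepts the indentation forms the message names. The function names and the sample string are constructed for illustration.

```python
import re

# Indentation forms named in the commit message: spaces, tabs and 'X'.
INDENT = r"(?P<indent>[ \tX]*)"
NEW_HDR = re.compile(r"^" + INDENT + r"\+\+\+ (?P<path>[^\t\n]+)")
HUNK_HDR = re.compile(
    r"^" + INDENT + r"@@ -\d+(?:,(?P<old>\d+))? \+\d+(?:,(?P<new>\d+))? @@")

# Constructed sample with the same shape as indent-header.patch on this page.
SAMPLE = (" --- /dev/null\n +++ b/symlink/index-file\n @@ -0,0 +1,1 @@\n"
          " +Escaped\n\n--- /dev/null\n+++ b/dummy-file\n@@ -0,0 +1,1 @@\n"
          "+Dummy to make the code see a valid hunk\n")

def naive_targets(patch_text):
    """Simplified stand-in for a scanner that only looks at column 0."""
    return [l[4:] for l in patch_text.splitlines() if l.startswith("+++ ")]

def find_targets(patch_text):
    """Return (line_no, indent, path) for each '+++' header that opens a hunk."""
    lines, found, i = patch_text.splitlines(), [], 0
    while i < len(lines):
        hdr = NEW_HDR.match(lines[i])
        nxt = HUNK_HDR.match(lines[i + 1]) if hdr and i + 1 < len(lines) else None
        if not (nxt and nxt.group("indent") == hdr.group("indent")):
            i += 1
            continue
        indent = hdr.group("indent")
        found.append((i + 1, indent, hdr.group("path")))
        i += 1
        # Consume this file's hunks by line count so that body lines such as
        # an added "+++ x" are never mistaken for headers.
        while i < len(lines):
            hunk = HUNK_HDR.match(lines[i])
            if not hunk or hunk.group("indent") != indent:
                break
            # An omitted count in "@@ -a +b @@" means 1.
            old, new = (int(hunk.group(k) or 1) for k in ("old", "new"))
            i += 1
            while (old > 0 or new > 0) and i < len(lines):
                tag = lines[i][len(indent):][:1] or " "  # empty line = context
                old -= tag in " -"   # context and removed lines count as old
                new -= tag in " +"   # context and added lines count as new
                i += 1
    return found

def hidden_targets(patch_text):
    """Targets a column-0 scanner misses: the ones to reject or re-check."""
    return [t for t in find_targets(patch_text) if t[1]]
```

On the sample, `naive_targets` reports only `b/dummy-file`, while `hidden_targets` reports the indented `b/symlink/index-file` header that the path checks would otherwise never be applied to.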

Diffstat (limited to 'scripts/t')
-rw-r--r-- scripts/t/Dpkg_Source_Patch.t 6
-rw-r--r-- scripts/t/Dpkg_Source_Patch/indent-header.patch 9
2 files changed, 14 insertions, 1 deletions

diff --git a/scripts/t/Dpkg_Source_Patch.t b/scripts/t/Dpkg_Source_Patch.t
index 8f382f546..d81a1a39d 100644
--- a/scripts/t/Dpkg_Source_Patch.t
+++ b/scripts/t/Dpkg_Source_Patch.t
@@ -16,7 +16,7 @@
use strict;
use warnings;
-use Test::More tests => 9;
+use Test::More tests => 10;
use Test::Dpkg qw(:paths);
use File::Path qw(make_path);
@@ -67,4 +67,8 @@ test_patch_escape('partial', 'symlink', 'partial.patch',
test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
'Patch cannot escape using a disabling hunk');
+# This is CVE-2017-8283
+test_patch_escape('indent-header', 'symlink', 'indent-header.patch',
+ 'Patch cannot escape indented hunks');
+
1;
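
Review bot: the description string on the new test_patch_escape() call, 'Patch cannot escape indented hunks', drops the "using" that the preceding case has ('Patch cannot escape using a disabling hunk'), so it reads as if the patch were escaping from the hunks; suggest 'Patch cannot escape using indented hunks'. The comment '# This is CVE-2017-8283' could also say in a few words what the case covers (an indented header that the sanity checks do not see), so the test stays understandable without looking up the CVE.
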
diff --git a/scripts/t/Dpkg_Source_Patch/indent-header.patch b/scripts/t/Dpkg_Source_Patch/indent-header.patch
new file mode 100644
index 000000000..4bef00829
--- /dev/null
+++ b/scripts/t/Dpkg_Source_Patch/indent-header.patch
@@ -0,0 +1,9 @@
+ --- /dev/null
+ +++ b/symlink/index-file
+ @@ -0,0 +1,1 @@
+ +Escaped
+
+--- /dev/null
++++ b/dummy-file
+@@ -0,0 +1,1 @@
++Dummy to make the code see a valid hunk
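
Review bot: the fixture exercises a single indentation form on its four indented lines (' --- /dev/null' through ' +Escaped'), while the commit message lists spaces, tabs and 'X' as forms that patch implementations accept. Suggest sibling fixtures, or variants generated in the test, for the other forms and for an indent wider than one character, so that a check handling only this one form would not pass the suite.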