apt/test/libapt, branch 2.1.19

Avoid overstepping bounds in config file parsing

2021-02-03T16:43:13Z

Our configuration files are not security relevant, but having a parser which avoids crashing on them even if they are seriously messed up is not a bad idea anyway. It is also a good opportunity to brush up the code a bit avoiding a few small string copies with our string_view.

Forbid negative values in unsigned StrToNum explicitly

2021-02-03T16:36:46Z

strtoul(l) surprises us with parsing negative values which should not exist in the places we use to parse them, so we can just downright refuse them rather than trying to work with them by having them promoted to huge positive values.

Don't parse \x and \0 past the end in DeEscapeString

2021-02-03T16:36:45Z

This has no attack surface though as the loop is to end very soon anyhow and the method only used while reading CD-ROM mountpoints which seems like a very unlikely attack vector…

Fix incorrect base64 encoding due to int promotion

2021-02-03T16:36:45Z

For \xff and friends with the highest bit set and hence being a negative value on signed char systems the wrong encoding is produced as we run into undefined behaviour accessing negative array indexes. We can avoid this problem simply by using an unsigned data type.

Add a simple test for APT::String::DisplayLength

2021-02-03T16:36:45Z

References: 2497198e9599a6a8d4d0ad08627bcfc7ea49c644 Gbp-Dch: Ignore

patterns: Terminate short pattern by ~ and !

2020-12-07T14:11:20Z

This allows patterns like ~nalpha~nbeta and ~nalpha!~nbeta to work like they do in APT. Also add a comment to remind readers that everything in START should be in short too. Cc: stable >= 2.0

Allow prefix to be a complete filename for GetTempFile

2020-05-18T13:55:36Z

Our testcases had their own implementation of GetTempFile with the feature of a temporary file with a choosen suffix. Merging this into GetTempFile lets us drop this duplicate and hence test more our code rather than testing our helpers for test implementation. And then hashsums_test had another implementation… and extracttar wasn't even trying to use a real tempfile… one GetTempFile to rule them all! That also ensures that these tempfiles are created in a temporary directory rather than the current directory which is a nice touch and tries a little harder to clean up those tempfiles.

Parse records including empty tag names correctly

2020-02-26T17:12:18Z

No sensible file should include these, but even insensible files do not gain unfair advantages with it as this parser does not deal with security critical files before they haven't passed other checks like signatures or hashsums. The problem is that the parser accepts and parses empty tag names correctly, but does not store the data parsed which will effect later passes over the data resulting e.g. in the following tag containing the name and value of the previous (empty) tag, its own tagname and its own value or a crash due to an attempt to access invalid memory depending on who passes over the data and what is done with it. This commit fixes both, the incidient of the crash reported by Anatoly Trosinenko who reproduced it via apt-sortpkgs: | $ cat /tmp/Packages-null | 0: | PACKAGE:0 | | : | PACKAGE: | | PACKAGE:: | $ apt-sortpkgs /tmp/Packages-null and the deeper parsing issue shown by the included testcase. Reported-By: Anatoly Trosinenko References: 8710a36a01c0cb1648926792c2ad05185535558e

Remove code tagged APT_PKG_590, add some missing includes

2020-02-18T11:48:38Z

Remove all code scheduled to be removed after 5.90, and fix files to include files they previously got from hashes.h including more headers.

patterns: test for empty terms, reject them

2020-02-03T11:55:54Z