Diffstat (limited to 'test')
-rwxr-xr-x | test/integration/test-github-111-invalid-armember | 58 | ||||
-rw-r--r-- | test/interactive-helper/createdeb-cve-2020-27350.cc | 42 |
2 files changed, 44 insertions, 56 deletions
diff --git a/test/integration/test-github-111-invalid-armember b/test/integration/test-github-111-invalid-armember index 1e095eef3..e4b897ec3 100755 --- a/test/integration/test-github-111-invalid-armember +++ b/test/integration/test-github-111-invalid-armember 
@@ -25,62 +25,8 @@ printf '!<arch>\0120123456789ABCDE.A123456789A.01234.01234.0123456.012345678.0.' testsuccessequal "E: Invalid archive member header" ${APTTESTHELPERSBINDIR}/testdeb test.deb -# unused source code for generating $tar below -maketar() { - cat > maketar.c << EOF - #include <stdio.h> - #include <string.h> - struct tar { - char Name[100]; - char Mode[8]; - char UserID[8]; - char GroupID[8]; - char Size[12]; - char MTime[12]; - char Checksum[8]; - char LinkFlag; - char LinkName[100]; - char MagicNumber[8]; - char UserName[32]; - char GroupName[32]; - char Major[8]; - char Minor[8]; - }; - - int main(void) - { - union { - struct tar t; - char buf[512]; - } t; - for (int i = 0; i < sizeof(t.buf); i++) - t.buf[i] = '7'; - memcpy(t.t.Name, "unterminatedName", 16); - memcpy(t.t.UserName, "userName", 8); - memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); - t.t.LinkFlag = 'X'; // I AM BROKEN - memcpy(t.t.Size, "000000000000", sizeof(t.t.Size)); - memset(t.t.Checksum,' ',sizeof(t.t.Checksum)); - - unsigned long sum = 0; - for (int i = 0; i < sizeof(t.buf); i++) - sum += t.buf[i]; - - int written = sprintf(t.t.Checksum, "%lo", sum); - for (int i = written; i < sizeof(t.t.Checksum); i++) - t.t.Checksum[i] = ' '; - fwrite(t.buf, sizeof(t.buf), 1, stdout); - } -EOF - - gcc maketar.c -o maketar -Wall - ./maketar -} - - -# -tar="unterminatedName77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777700000000000077777777777773544 X777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777userName777777777777777777777777thisIsAGroupNamethisIsAGroupName777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777" -printf '%s' "$tar" | gzip > control.tar.gz +${APTTESTHELPERSBINDIR}/createdeb-cve-2020-27350 github-111 control.tar +gzip 
control.tar cp control.tar.gz data.tar.gz touch debian-binary rm test.deb diff --git a/test/interactive-helper/createdeb-cve-2020-27350.cc b/test/interactive-helper/createdeb-cve-2020-27350.cc index 8b9619469..a290c0ac2 100644 --- a/test/interactive-helper/createdeb-cve-2020-27350.cc +++ b/test/interactive-helper/createdeb-cve-2020-27350.cc @@ -203,6 +203,12 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon memcpy(t.t.Name, "control\0 ", 16); memcpy(t.t.UserName, "userName", 8); memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); + memcpy(t.t.UserID, "0", 2); + memcpy(t.t.GroupID, "0", 2); + memcpy(t.t.MTime, "0", 2); + memcpy(t.t.MagicNumber, "0", 2); + memcpy(t.t.Major, "0", 2); + memcpy(t.t.Minor, "0", 2); t.t.LinkFlag = flag; base256_encode(t.t.Size, size, sizeof(t.t.Size)); memset(t.t.Checksum, ' ', sizeof(t.t.Checksum)); @@ -218,6 +224,38 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon write_chk(fd, t.buf, sizeof(t.buf)); } +static void createtar(const int fd) +{ + union + { + struct TarHeader t; + char buf[512]; + } t; + for (int i = 0; i < sizeof(t.buf); i++) + t.buf[i] = '7'; + memcpy(t.t.Name, "unterminatedName", 16); + memcpy(t.t.UserName, "userName", 8); + memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); + memcpy(t.t.UserID, "0", 2); + memcpy(t.t.GroupID, "0", 2); + memcpy(t.t.MTime, "0", 2); + memcpy(t.t.MagicNumber, "0", 2); + memcpy(t.t.Major, "0", 2); + memcpy(t.t.Minor, "0", 2); + t.t.LinkFlag = 'X'; // I AM BROKEN + memcpy(t.t.Size, "000000000000", sizeof(t.t.Size)); + memset(t.t.Checksum, ' ', sizeof(t.t.Checksum)); + + unsigned long sum = 0; + for (int i = 0; i < sizeof(t.buf); i++) + sum += t.buf[i]; + + int written = sprintf(t.t.Checksum, "%lo", sum); + for (int i = written; i < sizeof(t.t.Checksum); i++) + t.t.Checksum[i] = ' '; + write_chk(fd, t.buf, sizeof(t.buf)); +} + static void createdeb_test(const int fd) { // Magic number 
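Review bot: The two added lines that build `control.tar` run the helper and `gzip` bare, so a missing or failing `createdeb-cve-2020-27350` binary is not reported as a test failure at that step (whether the script aborts on error is not visible here). Running it as `testsuccess ${APTTESTHELPERSBINDIR}/createdeb-cve-2020-27350 github-111 control.tar` would report the failure where it happens, assuming the framework's `testsuccess` wrapper is available in this script as `testsuccessequal` is. The generated header is also no longer byte-identical to the removed `$tar` literal, because `createtar` writes `"0"` plus a NUL into six fields that the literal filled with `7`. A comment above the helper call such as `# header differs from the original report in UserID/GroupID/MTime/MagicNumber/Major/Minor, see createtar()` would keep that visible to whoever maintains this regression test.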
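Review bot: The six added `memcpy(..., "0", 2)` lines in `createdeb_bigtarfilelength` change the bytes of an existing CVE-2020-27350 fixture without saying why, and the same six lines are repeated in `createtar` in the next hunk. A comment such as `// numeric fields must parse, so only Size carries the malformed value` would record the intent, if that is the intent; the reason is not visible in the hunk. Moving the six copies into one static helper that takes a `struct TarHeader *`, called from both functions, would keep the two fixtures from drifting apart. The function starts and ends outside this hunk.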
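Review bot: In `createtar` the checksum is written with an unbounded `sprintf` into the 8-byte `Checksum` field and summed over plain `char`, which is safe only because every byte in this buffer is small ASCII or NUL. `int written = snprintf(t.t.Checksum, sizeof(t.t.Checksum), "%lo", sum);` and `sum += (unsigned char)t.buf[i];` state the bound and the unsigned-byte sum explicitly, and declaring the loop counters as `size_t` avoids the signed/unsigned comparison against `sizeof`. The function also has no comment; something like `// Writes one 512-byte tar header with an unterminated Name and an invalid LinkFlag ('X') for the github-111 regression test` would tell the reader which fields are deliberately malformed.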
@@ -311,6 +349,10 @@ int main(int argc, char *argv[])
 {
 createdeb_bigtarfilelength(fd, '0', 128llu * 1024 * 1024 * 1024 + 1);
 }
+ else if (strcmp(mode, "github-111") == 0)
+ {
+ createtar(fd);
+ }
 else if (strcmp(mode, "test") == 0)
 {
 createdeb_test(fd); |