From c53cf70da31a3c59675af8c5425b54433793dc8d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 16 Aug 2014 13:29:10 +0200 Subject: add dpkg::source-options for dpkg-source invocation dpkg-source can be told to enforce signature checks with --require-valid-signature, but while this isn't feasible as default for Debian itself at the moment, a local admin should be able to use it. This commit also fixes the size limit on the construction of the command being called for dpkg-source and dpkg-buildpackage. Closes: 757534 --- cmdline/apt-get.cc | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index a58386eb0..845d67d2b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -953,18 +953,19 @@ static bool DoSource(CommandLine &CmdL) else { // Call dpkg-source - char S[500]; - snprintf(S,sizeof(S),"%s -x %s", + std::string const sourceopts = _config->Find("DPkg::Source-Options", "-x"); + std::string S; + strprintf(S, "%s %s %s", _config->Find("Dir::Bin::dpkg-source","dpkg-source").c_str(), - Dsc[I].Dsc.c_str()); - if (system(S) != 0) + sourceopts.c_str(), Dsc[I].Dsc.c_str()); + if (system(S.c_str()) != 0) { - fprintf(stderr,_("Unpack command '%s' failed.\n"),S); - fprintf(stderr,_("Check if the 'dpkg-dev' package is installed.\n")); + fprintf(stderr, _("Unpack command '%s' failed.\n"), S.c_str()); + fprintf(stderr, _("Check if the 'dpkg-dev' package is installed.\n")); _exit(1); - } + } } - + // Try to compile it with dpkg-buildpackage if (_config->FindB("APT::Get::Compile",false) == true) { @@ -980,20 +981,20 @@ static bool DoSource(CommandLine &CmdL) buildopts.append(_config->Find("DPkg::Build-Options","-b -uc")); // Call dpkg-buildpackage - char S[500]; - snprintf(S,sizeof(S),"cd %s && %s %s", + std::string S; + strprintf(S, "cd %s && %s %s", Dir.c_str(), _config->Find("Dir::Bin::dpkg-buildpackage","dpkg-buildpackage").c_str(), buildopts.c_str()); - - if (system(S) != 0) + + if (system(S.c_str()) != 0) { - fprintf(stderr,_("Build command '%s' failed.\n"),S); + fprintf(stderr, _("Build command '%s' failed.\n"), S.c_str()); _exit(1); - } - } + } + } } - + _exit(0); } -- cgit v1.2.3-70-g09d2 From c6ee61eab54edf6cc3fbe118d304d72a860e1451 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 2 Sep 2014 15:50:19 +0200 Subject: Make Proxy-Auto-Detect check for each host When doing Acquire::http{,s}::Proxy-Auto-Detect, run the auto-detect command for each host instead of only once. This should make using "proxy" from libproxy-tools feasible which can then be used for PAC style or other proxy configurations. Closes: #759264 --- apt-pkg/contrib/proxy.cc | 82 ++++++++++++++++++++++++++++++++++++++++ apt-pkg/contrib/proxy.h | 16 ++++++++ cmdline/apt-helper.cc | 16 ++++++++ methods/http.cc | 62 +----------------------------- methods/http.h | 3 -- methods/https.cc | 4 ++ test/integration/test-apt-helper | 80 ++++++++++++++++++++++++++++----------- 7 files changed, 178 insertions(+), 85 deletions(-) create mode 100644 apt-pkg/contrib/proxy.cc create mode 100644 apt-pkg/contrib/proxy.h (limited to 'cmdline') diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc new file mode 100644 index 000000000..b58db8478 --- /dev/null +++ b/apt-pkg/contrib/proxy.cc @@ -0,0 +1,82 @@ +// -*- mode: cpp; mode: fold -*- +// Description /*{{{*/ +/* ###################################################################### + + Proxy - Proxy releated functions + + ##################################################################### */ + /*}}}*/ +// Include Files /*{{{*/ +#include +#include +#include +#include + +#include +#include + +#include "proxy.h" + + +// AutoDetectProxy - auto detect proxy /*{{{*/ +// --------------------------------------------------------------------- +/* */ +bool AutoDetectProxy(URI &URL) +{ + // we support both http/https debug options + bool Debug = _config->FindB("Debug::Acquire::"+URL.Access,false); + + // option is "Acquire::http::Proxy-Auto-Detect" but we allow the old + // name without the dash ("-") + std::string AutoDetectProxyCmd = _config->Find("Acquire::"+URL.Access+"::Proxy-Auto-Detect", + _config->Find("Acquire::"+URL.Access+"::ProxyAutoDetect")); + + if (AutoDetectProxyCmd.empty()) + return true; + + if (Debug) + std::clog << "Using auto proxy detect command: " << AutoDetectProxyCmd << std::endl; + + int Pipes[2] = {-1,-1}; + if (pipe(Pipes) != 0) + return _error->Errno("pipe", "Failed to create Pipe"); + + pid_t Process = ExecFork(); + if (Process == 0) + { + close(Pipes[0]); + dup2(Pipes[1],STDOUT_FILENO); + SetCloseExec(STDOUT_FILENO,false); + + std::string foo = URL; + const char *Args[4]; + Args[0] = AutoDetectProxyCmd.c_str(); + Args[1] = foo.c_str(); + Args[2] = 0; + execv(Args[0],(char **)Args); + std::cerr << "Failed to exec method " << Args[0] << std::endl; + _exit(100); + } + char buf[512]; + int InFd = Pipes[0]; + close(Pipes[1]); + int res = read(InFd, buf, sizeof(buf)-1); + ExecWait(Process, "ProxyAutoDetect", true); + + if (res < 0) + return _error->Errno("read", "Failed to read"); + if (res == 0) + return _error->Warning("ProxyAutoDetect returned no data"); + + // add trailing \0 + buf[res] = 0; + + if (Debug) + std::clog << "auto detect command returned: '" << buf << "'" << std::endl; + + if (strstr(buf, URL.Access.c_str()) == buf) + _config->Set("Acquire::"+URL.Access+"::proxy::"+URL.Host, _strstrip(buf)); + + return true; +} + /*}}}*/ diff --git a/apt-pkg/contrib/proxy.h b/apt-pkg/contrib/proxy.h new file mode 100644 index 000000000..2cbcd07b4 --- /dev/null +++ b/apt-pkg/contrib/proxy.h @@ -0,0 +1,16 @@ +// -*- mode: cpp; mode: fold -*- +// Description /*{{{*/ +/* ###################################################################### + + Proxy - Proxy operations + + ##################################################################### */ + /*}}}*/ +#ifndef PKGLIB_PROXY_H +#define PKGLIB_PROXY_H + +class URI; +bool AutoDetectProxy(URI &URL); + + +#endif diff --git a/cmdline/apt-helper.cc b/cmdline/apt-helper.cc index b0edafcbd..dd43ea1bc 100644 --- a/cmdline/apt-helper.cc +++ b/cmdline/apt-helper.cc @@ -16,6 +16,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,19 @@ #include /*}}}*/ +static bool DoAutoDetectProxy(CommandLine &CmdL) +{ + if (CmdL.FileSize() != 2) + return _error->Error(_("Need one URL as argument")); + URI ServerURL(CmdL.FileList[1]); + AutoDetectProxy(ServerURL); + std::string SpecificProxy = _config->Find("Acquire::"+ServerURL.Access+"::Proxy::" + ServerURL.Host); + ioprintf(std::cout, "Using proxy '%s' for URL '%s'\n", + SpecificProxy.c_str(), std::string(ServerURL).c_str()); + + return true; +} + static bool DoDownloadFile(CommandLine &CmdL) { if (CmdL.FileSize() <= 2) @@ -70,6 +84,7 @@ static bool ShowHelp(CommandLine &) "\n" "Commands:\n" " download-file - download the given uri to the target-path\n" + " auto-detect-proxy - detect proxy using apt.conf\n" "\n" " This APT helper has Super Meep Powers.\n"); return true; @@ -80,6 +95,7 @@ int main(int argc,const char *argv[]) /*{{{*/ { CommandLine::Dispatch Cmds[] = {{"help",&ShowHelp}, {"download-file", &DoDownloadFile}, + {"auto-detect-proxy", &DoAutoDetectProxy}, {0,0}}; std::vector Args = getCommandArgs( diff --git a/methods/http.cc b/methods/http.cc index 7c7949eac..f2a4a4db6 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -34,6 +34,7 @@ #include #include #include +#include #include #include @@ -304,6 +305,7 @@ bool HttpServerState::Open() Persistent = true; // Determine the proxy setting + AutoDetectProxy(ServerName); string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host); if (!SpecificProxy.empty()) { @@ -762,66 +764,6 @@ bool HttpMethod::Configuration(string Message) PipelineDepth); Debug = _config->FindB("Debug::Acquire::http",false); - // Get the proxy to use - AutoDetectProxy(); - - return true; -} - /*}}}*/ -// HttpMethod::AutoDetectProxy - auto detect proxy /*{{{*/ -// --------------------------------------------------------------------- -/* */ -bool HttpMethod::AutoDetectProxy() -{ - // option is "Acquire::http::Proxy-Auto-Detect" but we allow the old - // name without the dash ("-") - AutoDetectProxyCmd = _config->Find("Acquire::http::Proxy-Auto-Detect", - _config->Find("Acquire::http::ProxyAutoDetect")); - - if (AutoDetectProxyCmd.empty()) - return true; - - if (Debug) - clog << "Using auto proxy detect command: " << AutoDetectProxyCmd << endl; - - int Pipes[2] = {-1,-1}; - if (pipe(Pipes) != 0) - return _error->Errno("pipe", "Failed to create Pipe"); - - pid_t Process = ExecFork(); - if (Process == 0) - { - close(Pipes[0]); - dup2(Pipes[1],STDOUT_FILENO); - SetCloseExec(STDOUT_FILENO,false); - - const char *Args[2]; - Args[0] = AutoDetectProxyCmd.c_str(); - Args[1] = 0; - execv(Args[0],(char **)Args); - cerr << "Failed to exec method " << Args[0] << endl; - _exit(100); - } - char buf[512]; - int InFd = Pipes[0]; - close(Pipes[1]); - int res = read(InFd, buf, sizeof(buf)-1); - ExecWait(Process, "ProxyAutoDetect", true); - - if (res < 0) - return _error->Errno("read", "Failed to read"); - if (res == 0) - return _error->Warning("ProxyAutoDetect returned no data"); - - // add trailing \0 - buf[res] = 0; - - if (Debug) - clog << "auto detect command returned: '" << buf << "'" << endl; - - if (strstr(buf, "http://") == buf) - _config->Set("Acquire::http::proxy", _strstrip(buf)); - return true; } /*}}}*/ diff --git a/methods/http.h b/methods/http.h index 5406ce4a7..1df9fa07d 100644 --- a/methods/http.h +++ b/methods/http.h @@ -124,9 +124,6 @@ class HttpMethod : public ServerMethod public: virtual void SendReq(FetchItem *Itm); - /** \brief Try to AutoDetect the proxy */ - bool AutoDetectProxy(); - virtual bool Configuration(std::string Message); virtual ServerState * CreateServerState(URI uri); diff --git a/methods/https.cc b/methods/https.cc index e0348ab58..0499af0c5 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -107,6 +108,9 @@ void HttpsMethod::SetupProxy() /*{{{*/ { URI ServerName = Queue->Uri; + // Determine the proxy setting + AutoDetectProxy(ServerName); + // Curl should never read proxy settings from the environment, as // we determine which proxy to use. Do this for consistency among // methods and prevent an environment variable overriding a diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper index 6505b5956..c749224ca 100755 --- a/test/integration/test-apt-helper +++ b/test/integration/test-apt-helper @@ -9,31 +9,67 @@ configarchitecture "i386" changetohttpswebserver -echo "foo" > aptarchive/foo +test_apt_helper_download() { + echo "foo" > aptarchive/foo -msgtest 'apt-file download-file md5sum' -apthelper -qq download-file http://localhost:8080/foo foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 && msgpass || msgfail -testfileequal foo2 'foo' + msgtest 'apt-file download-file md5sum' + apthelper -qq download-file http://localhost:8080/foo foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 && msgpass || msgfail + testfileequal foo2 'foo' -msgtest 'apt-file download-file sha1' -apthelper -qq download-file http://localhost:8080/foo foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 && msgpass || msgfail -testfileequal foo1 'foo' + msgtest 'apt-file download-file sha1' + apthelper -qq download-file http://localhost:8080/foo foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 && msgpass || msgfail + testfileequal foo1 'foo' -msgtest 'apt-file download-file sha256' -apthelper -qq download-file http://localhost:8080/foo foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c && msgpass || msgfail -testfileequal foo3 'foo' + msgtest 'apt-file download-file sha256' + apthelper -qq download-file http://localhost:8080/foo foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c && msgpass || msgfail + testfileequal foo3 'foo' -msgtest 'apt-file download-file no-hash' -apthelper -qq download-file http://localhost:8080/foo foo4 && msgpass || msgfail -testfileequal foo4 'foo' - -msgtest 'apt-file download-file wrong hash' -if ! apthelper -qq download-file http://localhost:8080/foo foo5 MD5Sum:aabbcc 2>&1 2> download.stderr; then - msgpass -else - msgfail -fi -testfileequal download.stderr 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch + msgtest 'apt-file download-file no-hash' + apthelper -qq download-file http://localhost:8080/foo foo4 && msgpass || msgfail + testfileequal foo4 'foo' + + msgtest 'apt-file download-file wrong hash' + if ! apthelper -qq download-file http://localhost:8080/foo foo5 MD5Sum:aabbcc 2>&1 2> download.stderr; then + msgpass + else + msgfail + fi + testfileequal download.stderr 'E: Failed to fetch http://localhost:8080/foo Hash Sum mismatch E: Download Failed' -testfileequal foo5.FAILED 'foo' + testfileequal foo5.FAILED 'foo' +} + +test_apt_helper_detect_proxy() { + # no proxy + testequal "Using proxy '' for URL 'http://example.com/'" apthelper auto-detect-proxy http://example.com/ + + + # http auto detect proxy script + cat > apt-proxy-detect <<'EOF' +#!/bin/sh -e +echo "http://some-proxy" +EOF + chmod 755 apt-proxy-detect + echo "Acquire::http::Proxy-Auto-Detect \"$(pwd)/apt-proxy-detect\";" > rootdir/etc/apt/apt.conf.d/02proxy-detect + + testequal "Using proxy 'http://some-proxy' for URL 'http://www.example.com/'" apthelper auto-detect-proxy http://www.example.com + + + # https auto detect proxy script + cat > apt-proxy-detect <<'EOF' +#!/bin/sh -e +echo "https://https-proxy" +EOF + chmod 755 apt-proxy-detect + echo "Acquire::https::Proxy-Auto-Detect \"$(pwd)/apt-proxy-detect\";" > rootdir/etc/apt/apt.conf.d/02proxy-detect + + testequal "Using proxy 'https://https-proxy' for URL 'https://ssl.example.com/'" apthelper auto-detect-proxy https://ssl.example.com + + + +} + +test_apt_helper_download +test_apt_helper_detect_proxy + -- cgit v1.2.3-70-g09d2 From 097248092ea4ff4543dfb17deb4e0d31dd697c71 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 2 Sep 2014 17:06:52 +0200 Subject: Use heap to allocate PatternMatch to avoid potential stack overflow When apt-cache search with many args (> 130) is given the allocation of PatternMatch on the stack may fail resulting in a segmentation fault. By using the heap the max size is much bigger and we also get a bad_alloc expection instead of a segfault (which we can catch *if* this ever becomes a pratical problem). No test for the crash as its not reproducable with the MALLOC_ settings in framework. Closes: 759612 --- cmdline/apt-cache.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-cache.cc b/cmdline/apt-cache.cc index 1414617eb..ac0d48a36 100644 --- a/cmdline/apt-cache.cc +++ b/cmdline/apt-cache.cc @@ -1278,8 +1278,8 @@ static bool Search(CommandLine &CmdL) ExDescFile *DFList = new ExDescFile[descCount]; memset(DFList,0,sizeof(*DFList) * descCount); - bool PatternMatch[descCount * NumPatterns]; - memset(PatternMatch,false,sizeof(PatternMatch)); + bool *PatternMatch = new bool[descCount * NumPatterns]; + memset(PatternMatch,false,sizeof(*PatternMatch) * descCount * NumPatterns); // Map versions that we want to write out onto the VerList array. for (pkgCache::GrpIterator G = Cache->GrpBegin(); G.end() == false; ++G) @@ -1389,6 +1389,7 @@ static bool Search(CommandLine &CmdL) } delete [] DFList; + delete [] PatternMatch; for (unsigned I = 0; I != NumPatterns; I++) regfree(&Patterns[I]); if (ferror(stdout)) -- cgit v1.2.3-70-g09d2