Diffstat (limited to 'recipes-devtools/dpkg/dpkg/test-case-for-CVE-2017-8283.patch')
-rw-r--r-- | recipes-devtools/dpkg/dpkg/test-case-for-CVE-2017-8283.patch | 83 |
1 files changed, 0 insertions, 83 deletions
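diff --git a/recipes-devtools/dpkg/dpkg/test-case-for-CVE-2017-8283.patch b/recipes-devtools/dpkg/dpkg/test-case-for-CVE-2017-8283.patch
deleted file mode 100644
index 5632d8f..0000000
--- a/recipes-devtools/dpkg/dpkg/test-case-for-CVE-2017-8283.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 57a3daba4d3dee1c33571e84f160aa1c67aece4c Mon Sep 17 00:00:00 2001
-From: Sona Sarmadi <sona.sarmadi@enea.com>
-Date: Thu, 14 Dec 2017 10:40:42 +0100
-Subject: [PATCH] Dpkg::Source::Patch: Indented patch test-case
-
-POSIX specifies that a diff hunk can be indented by spaces or tabs
-(while the original patch(1) by Larry Wall also accepts 'X'), as long
-as the amount of spaces is consistent for all subsequent lines. And as
-we are not checking for this condition at all, any such indented hunk
-can avoid the sanity checks performed by Dpkg::Source::Patch.
-
-On systems using GNU patch >= 2.7.5, this should, in principle, not be
-a problem anymore, as that implementation protects against directory
-traversal issue. But on other systems where the patch implementation
-does not perform such checks (such as the BSDs) this is an issue, so
-check for this in the test-suite.
-
-Those are arguably all security issues in these various patch
-implementations, but given that we are performing sanity checks and that
-those implementations are currently very lax, it seems prudent to do the
-heavy lifting ourselves and also take the possible blame too.
-
-Ref: test-case for CVE-2017-8283
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-debian/changelog | 3 +++
-scripts/Makefile.am | 1 +
-scripts/t/Dpkg_Source_Patch.t | 6 +++++-
-3 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/debian/changelog b/debian/changelog
-index 4b5b36b..596a59e 100644
---- a/debian/changelog
-+++ b/debian/changelog
-@@ -2,6 +2,9 @@
-traversal resistant patch implementation. This fixes CVE-2017-8283 by
-delegating those checks to patch(1), so that we trap blank-indented
-diff hunks trying to escape from the source tree.
-+ * Test suite:
-+ - Add a test case for blank-indented patches which were the cause for
-+ CVE-2017-8283.
-
-dpkg (1.18.10) unstable; urgency=medium
-
-diff --git a/scripts/Makefile.am b/scripts/Makefile.am
-index 84059c1..6ce0ad6 100644
---- a/scripts/Makefile.am
-+++ b/scripts/Makefile.am
-@@ -275,6 +275,7 @@ test_data = \
-t/Dpkg_Shlibs/spacesyms-o-map.pl \
-t/Dpkg_Source_Patch/c-style.patch \
-t/Dpkg_Source_Patch/ghost-hunk.patch \
-+ t/Dpkg_Source_Patch/indent-header.patch \
-t/Dpkg_Source_Patch/index-+++.patch \
-t/Dpkg_Source_Patch/index-alone.patch \
-t/Dpkg_Source_Patch/index-inert.patch \
-diff --git a/scripts/t/Dpkg_Source_Patch.t b/scripts/t/Dpkg_Source_Patch.t
-index 258a9aa..30be77a 100644
---- a/scripts/t/Dpkg_Source_Patch.t
-+++ b/scripts/t/Dpkg_Source_Patch.t
-@@ -16,7 +16,7 @@
-use strict;
-use warnings;
-
--use Test::More tests => 9;
-+use Test::More tests => 10;
-
-use File::Path qw(make_path);
-
-@@ -67,4 +67,8 @@ test_patch_escape('partial', 'symlink', 'partial.patch',
-test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
-'Patch cannot escape using a disabling hunk');
-
-+# This is CVE-2017-8283
-+test_patch_escape('indent-header', 'symlink', 'indent-header.patch',
-+ 'Patch cannot escape indented hunks');
-+
-1;
---
-1.9.1
-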