Commit | Line | Data |
---|---|---|
1479465f GJ |
1 | #!/usr/bin/perl |
2 | # | |
3 | # This program is free software; you can redistribute it and/or modify | |
4 | # it under the terms of the GNU General Public License as published by | |
5 | # the Free Software Foundation; either version 2 of the License, or | |
6 | # (at your option) any later version. | |
7 | # | |
8 | # This program is distributed in the hope that it will be useful, | |
9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | # GNU General Public License for more details. | |
12 | # | |
13 | # You should have received a copy of the GNU General Public License | |
14 | # along with this program. If not, see <https://www.gnu.org/licenses/>. | |
15 | ||
16 | use strict; | |
17 | use warnings; | |
18 | ||
19 | use Test::More tests => 10; | |
20 | use Test::Dpkg qw(:paths); | |
21 | ||
22 | use File::Path qw(make_path); | |
23 | ||
24 | BEGIN { | |
25 | use_ok('Dpkg::Source::Patch'); | |
26 | } | |
27 | ||
28 | my $datadir = test_get_data_path('t/Dpkg_Source_Patch'); | |
29 | my $tmpdir = 't.tmp/Dpkg_Source_Patch'; | |
30 | ||
31 | sub test_patch_escape { | |
32 | my ($name, $symlink, $patchname, $desc) = @_; | |
33 | ||
34 | make_path("$tmpdir/$name-tree"); | |
35 | make_path("$tmpdir/$name-out"); | |
36 | symlink "../$name-out", "$tmpdir/$name-tree/$symlink"; | |
37 | ||
38 | my $patch = Dpkg::Source::Patch->new(filename => "$datadir/$patchname"); | |
39 | eval { | |
40 | $patch->apply("$tmpdir/$name-tree", verbose => 0); | |
41 | }; | |
42 | ok(rmdir "$tmpdir/$name-out", $desc); | |
43 | } | |
44 | ||
45 | # This is CVE-2014-0471 with GNU patch >= 2.7 | |
46 | test_patch_escape('c-style-parsed', "\tmp", 'c-style.patch', | |
47 | 'Patch cannot escape using known c-style encoded filename'); | |
48 | ||
49 | # This is CVE-2014-0471 with GNU patch < 2.7 | |
50 | test_patch_escape('c-style-unknown', '\\tmp', 'c-style.patch', | |
51 | 'Patch cannot escape using unknown c-style encoded filename'); | |
52 | ||
53 | # This is CVE-2014-3865 | |
54 | test_patch_escape('index-alone', 'symlink', 'index-alone.patch', | |
55 | 'Patch cannot escape using Index: w/o ---/+++ header'); | |
56 | test_patch_escape('index-+++', 'symlink', 'index-+++.patch', | |
57 | 'Patch cannot escape using Index: w/ only +++ header'); | |
58 | test_patch_escape('index-inert', 'symlink', 'index-inert.patch', | |
59 | 'Patch should not fail to apply using an inert Index:'); | |
60 | ok(-e "$tmpdir/index-inert-tree/inert-file", | |
61 | 'Patch with inert Index: applies correctly'); | |
62 | ||
63 | # This is CVE-2014-3864 | |
64 | test_patch_escape('partial', 'symlink', 'partial.patch', | |
65 | 'Patch cannot escape using partial +++ header'); | |
66 | ||
67 | test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch', | |
68 | 'Patch cannot escape using a disabling hunk'); | |
69 | ||
70 | # This is CVE-2017-8283 | |
71 | test_patch_escape('indent-header', 'symlink', 'indent-header.patch', | |
72 | 'Patch cannot escape indented hunks'); | |
73 | ||
74 | 1; |