The autopkgtest test cases 0002 to 0004 need an update for the 0.1.x versions.
In 0002, I have corrected the CRC for the rar-contained file.
In 0003 and 0004, I have reworked the expected valgrind exitcode for the "list"
operation.
#!/bin/sh
#
# Test CVE-2017-14120
setUp() {
uudecode >archive.rar <<EOF
begin-base64 644 -
UmFyIRoHAM+QcwAADQAAAAAAAAATTnQAgCUABQAAAAUAAAAAm7HC/4+CR0YU
MAUAIAAAAC4uL3h4YWFiDQo=
====
EOF
}
tearDown() {
rm -f archive.tar ../xx
}
testList() {
unrar-free --list archive.rar
assertEquals "Status code" $? 0
}
testExtract() {
unrar-free --extract archive.rar
assertNotEquals "Status code" $? 0
assertFalse "File does not exist" "-e ../xx"
}
. /usr/bin/shunit2
#!/bin/sh
#
# Test CVE-2017-14122
setUp() {
uudecode > unrar-gpl-stack-overread.rar <<EOF
begin-base64 644 -
UmFyIRoHADAwMDAwDQAwMDAwMDAwMHQwMDA=
====
EOF
}
tearDown() {
rm -f unrar-gpl-stack-overread.rar
}
testList() {
valgrind --error-exitcode=122 --track-origins=yes unrar-free --list
unrar-gpl-stack-overread.rar
assertNotEquals "Valgrind status code" 122 $?
}
testExtract() {
valgrind --error-exitcode=122 --track-origins=yes unrar-free --extract
unrar-gpl-stack-overread.rar
assertNotEquals "Valgrind status code" 122 $?
}
. /usr/bin/shunit2
#!/bin/sh
#
# Test CVE-2017-14121
setUp() {
uudecode > unrar-gpl-nullptr.rar <<EOF
begin-base64 644 -
UmFyIRoHAM+QcwAADQAAAAAAAABvvXQAgCUABQAAAAUAAAAAm7HC/4+CR0YU
AAAAAAAAb70=
====
EOF
}
tearDown() {
rm -f unrar-gpl-nullptr.rar
}
testList() {
valgrind --error-exitcode=121 --track-origins=yes unrar-free --list
unrar-gpl-nullptr.rar
assertNotEquals "Valgrind status code" 121 $?
}
testExtract() {
catchsegv unrar-free --extract unrar-gpl-nullptr.rar >
"$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log 2>&1
grep -q '*** Segmentation fault'
"$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log
assertNotEquals "catchsegv value" 0 $?
valgrind --error-exitcode=121 --track-origins=yes unrar-free --extract
unrar-gpl-nullptr.rar
assertNotEquals "Valgrind status code" 121 $?
}
. /usr/bin/shunit2
