The following commit has been merged in the squeeze branch:
commit 6068e67a1933c3c23375b571684ea6e015da99bb
Author: Niels Thykier <[email protected]>
Date:   Thu Apr 4 22:21:20 2013 +0200

    c/debconf: Check the sanity of the Binaries field
    
    Do a very strict check of the contents of the Binaries field, before
    using any of the "package names" listed in it as partial filenames.
    
    Signed-off-by: Niels Thykier <[email protected]>

diff --git a/checks/debconf b/checks/debconf
index f1b99a9..d3cd93b 100644
--- a/checks/debconf
+++ b/checks/debconf
@@ -21,6 +21,7 @@
 package Lintian::debconf;
 use strict;
 
+use Lintian::Check qw($PKGNAME_REGEX);
 use Lintian::Relation;
 use Lintian::Tags qw(tag);
 use Util;
@@ -69,6 +70,11 @@ my $usesmultiselect='';
 
 if ($type eq 'source') {
     my $binaries = $info->field('binary');
+    # no binary field?  There is not much we can do about it here.
+    return unless defined $binaries;
+    # do not trust the contents of that field any further than we can
+    # throw it.
+    return unless $binaries =~ m{^$PKGNAME_REGEX (?:\s*+ , \s*+ 
$PKGNAME_REGEX)*+ $}xsm;
     chomp $binaries;
     my @files = map { "$_.templates" } split /,\s+/, $binaries;
     push @files, "templates";
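Review bot: The guard on the `return unless $binaries =~ ...` line uses `^` and `$` under `/m`, which are line anchors, so a value with an embedded newline passes as long as its first line looks like a package name, and the rest of the value still reaches `split` and the `"$_.templates"` filename below. Anchoring the whole value closes that gap: `return unless $binaries =~ m{\A $PKGNAME_REGEX (?:\s*+ , \s*+ $PKGNAME_REGEX)*+ \s*+ \z}xs;` (the trailing `\s*+` keeps the not-yet-chomped newline acceptable, and `\s` inside the separator still allows continuation lines because every element is matched). Whether `$info->field('binary')` can return multi-line content depends on the field parser, which is not in this hunk. Separately, the validator accepts whitespace on either side of the comma while `split /,\s+/` does not, so `foo ,bar` or `foo,bar` is accepted but yields `foo .templates` or `foo,bar.templates`; `split /\s*,\s*/, $binaries` keeps the two in step. The enclosing `if ($type eq 'source')` block continues past the hunk.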
diff --git a/debian/changelog b/debian/changelog
index de3a19b..34b5284 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
 lintian (2.4.3+squeeze2) stable; urgency=low
 
+  * checks/debconf:
+    + [NT] Fix path traversal issue that could leak information
+      about the host system.
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.
diff --git a/lib/Lintian/Check.pm b/lib/Lintian/Check.pm
index 6d8cb36..2985eaf 100644
--- a/lib/Lintian/Check.pm
+++ b/lib/Lintian/Check.pm
@@ -28,7 +28,7 @@ use Lintian::Data;
 use Lintian::Tags qw(tag);
 
 our @ISA    = qw(Exporter);
-our @EXPORT = qw(check_maintainer check_spelling check_spelling_picky);
+our @EXPORT = qw(check_maintainer check_spelling check_spelling_picky 
$PKGNAME_REGEX);
 
 =head1 NAME
 
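Review bot: `$PKGNAME_REGEX` is added to `@EXPORT`, so every `use Lintian::Check;` without an import list now gets a package variable injected into its namespace; the only consumer in this commit, checks/debconf, names it explicitly in its import list, so `our @EXPORT_OK = qw($PKGNAME_REGEX);` would serve it without the default export. Exporting a variable rather than a function also aliases the global, so an importer that assigns to `$PKGNAME_REGEX` changes it for every other check; exposing it through a small accessor sub or a `use constant` would prevent accidental reassignment, though that is beyond this change.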
@@ -288,6 +288,21 @@ sub check_spelling_picky {
 
 =back
 
+=head1 VARIABLES
+
+=over 4
+
+=item $PKGNAME_REGEX
+
+Regular expression that matches valid package names.  The expression
+is not anchored and does not enforce any "boundry" characters.
+
+=cut
+
+our $PKGNAME_REGEX = qr{[a-z0-9][-+\.a-z0-9]+}o;
+
+=back
+
 =head1 AUTHOR
 
 Originally written by Russ Allbery <[email protected]> for Lintian.  Based on
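Review bot: The `/o` modifier on `our $PKGNAME_REGEX = qr{[a-z0-9][-+\.a-z0-9]+}o;` has no effect, because the pattern interpolates no variables and a `qr//` is compiled once anyway; dropping it avoids suggesting that something is being cached. The POD above it reads "boundry" (should be "boundary"), and it would help callers if the consequence were spelled out: `Callers must anchor it (e.g. with \A and \z) and, when matching a list, match every element; on its own it matches a package-name-shaped substring anywhere in the input.` The documentation could also note that the `+` quantifier requires at least two characters, which is what Debian policy demands of a package name.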
diff --git a/t/source/control-file-missing-separator/Makefile 
b/t/source/debconf-traversal/Makefile
similarity index 92%
copy from t/source/control-file-missing-separator/Makefile
copy to t/source/debconf-traversal/Makefile
index 4ea045a..3ab12c8 100644
--- a/t/source/control-file-missing-separator/Makefile
+++ b/t/source/debconf-traversal/Makefile
@@ -1,4 +1,4 @@
-name = control-file-missing-separator
+name = debconf-traversal
 dir  = $(name)-1
 
 all:
@@ -17,6 +17,7 @@ all:
        perl -I$(LINTIAN_ROOT)/lib -MUtil -i -pe \
            'BEGIN { $$h = get_file_checksum("md5", "$(name)_1.tar.gz") } 
s/\@MD5\@/$$h/g' $(name)_1.dsc
        perl -i -pe 'BEGIN { $$s = (stat "$(name)_1.tar.gz")[7] } 
s/\@SIZE\@/$$s/g' $(name)_1.dsc
+       perl -i -pe 's/\@NULL\@/\0/g' $(name)_1.dsc
 
 clean:
        rm -rf $(dir)
diff --git a/t/tests/cruft-empty-diff/upstream/debian/changelog 
b/t/source/debconf-traversal/changelog
similarity index 60%
copy from t/tests/cruft-empty-diff/upstream/debian/changelog
copy to t/source/debconf-traversal/changelog
index 98117b4..5ad38dd 100644
--- a/t/tests/cruft-empty-diff/upstream/debian/changelog
+++ b/t/source/debconf-traversal/changelog
@@ -1,8 +1,9 @@
-cruft-empty-diff (1.0-1) unstable; urgency=low
+debconf-traversal (1.0-1) unstable; urgency=low
 
   * Lintian Test Suite.
-  * Test: basic
+  * Test: debconf-traversal
 
   * Suppress "should close ITP bug" messages.  (Closes: #123456)
 
- -- Debian Lintian Maintainers <[email protected]>  Sun, 11 Jan 2009 
21:03:14 -0800
+ -- Debian Lintian Maintainers <[email protected]>  Sun, 01 Aug 2010 
00:00:00 +0100
+
diff --git a/t/source/unpack-srcpkg-xz/control 
b/t/source/debconf-traversal/control
similarity index 78%
copy from t/source/unpack-srcpkg-xz/control
copy to t/source/debconf-traversal/control
index c531980..ad80274 100644
--- a/t/source/unpack-srcpkg-xz/control
+++ b/t/source/debconf-traversal/control
@@ -1,14 +1,14 @@
-Source: unpack-srcpkg-xz
+Source: debconf-traversal
 Section: devel
 Priority: optional
 Maintainer: Debian Lintian Maintainers <[email protected]>
 Build-Depends: debhelper (>= 7)
 Standards-Version: 3.9.1
 
-Package: unpack-srcpkg-xz
+Package: debconf-traversal
 Architecture: all
 Depends: ${misc:Depends}
-Description: Test package for xz-compressed source packages
+Description: Test against traversal issue in c/debconf
  This is a test package designed to exercise some feature or tag of
  Lintian.  It is part of the Lintian test suite and may do very odd
  things.  It should not be installed like a regular package.
diff --git a/t/debs/control-field-traversal-4/copyright 
b/t/source/debconf-traversal/copyright
similarity index 100%
copy from t/debs/control-field-traversal-4/copyright
copy to t/source/debconf-traversal/copyright
diff --git a/t/source/debconf-traversal/desc b/t/source/debconf-traversal/desc
new file mode 100644
index 0000000..c8f67f9
--- /dev/null
+++ b/t/source/debconf-traversal/desc
@@ -0,0 +1,5 @@
+Testname: debconf-traversal
+Sequence: 6000
+Version: 1.0
+Description: Test for traversal issues via debconf templates
+Test-Against: syntax-error-in-debconf-template
diff --git a/t/source/debconf-traversal/dsc.in 
b/t/source/debconf-traversal/dsc.in
new file mode 100644
index 0000000..be77d1d
--- /dev/null
+++ b/t/source/debconf-traversal/dsc.in
@@ -0,0 +1,14 @@
+Format: 1.0
+Source: debconf-traversal
+Binary: ../unpacked/debian/changelog@NULL@
+Architecture: all
+Version: 1
+Maintainer: Debian Lintian Maintainers <[email protected]>
+Standards-Version: 3.9.1
+Build-Depends: debhelper (>= 7)
+Checksums-Sha1:
+ @SHA1@ @SIZE@ debconf-traversal_1.tar.gz
+Checksums-Sha256:
+ @SHA256@ @SIZE@ debconf-traversal_1.tar.gz
+Files:
+ @MD5@ @SIZE@ debconf-traversal_1.tar.gz
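Review bot: The fixture exercises one malformed value, a traversal path with an embedded NUL produced by the `@NULL@` substitution; since the new guard in checks/debconf only rejects what falls outside the package-name grammar, a second fixture whose `Binary:` value is a valid name followed by a newline and a path would also cover the line-anchor behaviour of the `^`/`$`-under-`/m` regex. That only matters if the field parser preserves multi-line values, which this diff does not show.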
diff --git a/t/source/control-field-traversal-1/rules 
b/t/source/debconf-traversal/rules
similarity index 100%
copy from t/source/control-field-traversal-1/rules
copy to t/source/debconf-traversal/rules
diff --git a/t/debs/control-files-traversal/tags 
b/t/source/debconf-traversal/tags
similarity index 100%
copy from t/debs/control-files-traversal/tags
copy to t/source/debconf-traversal/tags
