Fix test suite regression from StrToNum fixes

We ignored the failure from strtoul() that those test cases had values out of range, hence they passed before, but now failed on 32-bit platforms because we use strtoull() and do the limit check ourselves. Move the tarball generator for test-github-111-invalid-armember to the createdeb helper, and fix the helper to set all the numbers for like uid and stuff to 0 instead of the maximum value the fields support (all 7s). Regression-Of: e0743a8
Team5964 · Feb 9, 2021 · 6284c82 · 6284c82
1 parent e6bdafa
commit 6284c82
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 56 deletions.
diff --git a/test/integration/test-github-111-invalid-armember b/test/integration/test-github-111-invalid-armember
@@ -25,62 +25,8 @@ printf '!<arch>\0120123456789ABCDE.A123456789A.01234.01234.0123456.012345678.0.'
 testsuccessequal "E: Invalid archive member header" ${APTTESTHELPERSBINDIR}/testdeb test.deb
 
 
-# unused source code for generating $tar below
-maketar() {
-	cat > maketar.c << EOF
-	#include <stdio.h>
-	#include <string.h>
-	struct tar {
-	   char Name[100];
-	   char Mode[8];
-	   char UserID[8];
-	   char GroupID[8];
-	   char Size[12];
-	   char MTime[12];
-	   char Checksum[8];
-	   char LinkFlag;
-	   char LinkName[100];
-	   char MagicNumber[8];
-	   char UserName[32];
-	   char GroupName[32];
-	   char Major[8];
-	   char Minor[8];
-	};
-
-	int main(void)
-	{
-		union {
-			struct tar t;
-			char buf[512];
-		} t;
-		for (int i = 0; i < sizeof(t.buf); i++)
-			t.buf[i] = '7';
-		memcpy(t.t.Name, "unterminatedName", 16);
-		memcpy(t.t.UserName, "userName", 8);
-		memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32);
-		t.t.LinkFlag = 'X'; // I AM BROKEN
-		memcpy(t.t.Size, "000000000000", sizeof(t.t.Size));
-		memset(t.t.Checksum,' ',sizeof(t.t.Checksum));
-
-		unsigned long sum = 0;
-		for (int i = 0; i < sizeof(t.buf); i++)
-			sum += t.buf[i];
-
-		int written = sprintf(t.t.Checksum, "%lo", sum);
-		for (int i = written; i < sizeof(t.t.Checksum); i++)
-			t.t.Checksum[i] = ' ';
-		fwrite(t.buf, sizeof(t.buf), 1, stdout);
-	}
-EOF
-
-	gcc maketar.c -o maketar -Wall
-	./maketar
-}
-
-
-#
-tar="unterminatedName77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777700000000000077777777777773544   X777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777userName777777777777777777777777thisIsAGroupNamethisIsAGroupName777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777"
-printf '%s' "$tar" | gzip > control.tar.gz
+${APTTESTHELPERSBINDIR}/createdeb-cve-2020-27350 github-111 control.tar
+gzip control.tar
 cp control.tar.gz data.tar.gz
 touch debian-binary
 rm test.deb

diff --git a/test/interactive-helper/createdeb-cve-2020-27350.cc b/test/interactive-helper/createdeb-cve-2020-27350.cc
@@ -203,6 +203,12 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon
    memcpy(t.t.Name, "control\0        ", 16);
    memcpy(t.t.UserName, "userName", 8);
    memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32);
+   memcpy(t.t.UserID, "0", 2);
+   memcpy(t.t.GroupID, "0", 2);
+   memcpy(t.t.MTime, "0", 2);
+   memcpy(t.t.MagicNumber, "0", 2);
+   memcpy(t.t.Major, "0", 2);
+   memcpy(t.t.Minor, "0", 2);
    t.t.LinkFlag = flag;
    base256_encode(t.t.Size, size, sizeof(t.t.Size));
    memset(t.t.Checksum, ' ', sizeof(t.t.Checksum));
@@ -218,6 +224,38 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon
    write_chk(fd, t.buf, sizeof(t.buf));
 }
 
+static void createtar(const int fd)
+{
+   union
+   {
+      struct TarHeader t;
+      char buf[512];
+   } t;
+   for (int i = 0; i < sizeof(t.buf); i++)
+      t.buf[i] = '7';
+   memcpy(t.t.Name, "unterminatedName", 16);
+   memcpy(t.t.UserName, "userName", 8);
+   memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32);
+   memcpy(t.t.UserID, "0", 2);
+   memcpy(t.t.GroupID, "0", 2);
+   memcpy(t.t.MTime, "0", 2);
+   memcpy(t.t.MagicNumber, "0", 2);
+   memcpy(t.t.Major, "0", 2);
+   memcpy(t.t.Minor, "0", 2);
+   t.t.LinkFlag = 'X'; // I AM BROKEN
+   memcpy(t.t.Size, "000000000000", sizeof(t.t.Size));
+   memset(t.t.Checksum, ' ', sizeof(t.t.Checksum));
+
+   unsigned long sum = 0;
+   for (int i = 0; i < sizeof(t.buf); i++)
+      sum += t.buf[i];
+
+   int written = sprintf(t.t.Checksum, "%lo", sum);
+   for (int i = written; i < sizeof(t.t.Checksum); i++)
+      t.t.Checksum[i] = ' ';
+   write_chk(fd, t.buf, sizeof(t.buf));
+}
+
 static void createdeb_test(const int fd)
 {
    // Magic number
@@ -311,6 +349,10 @@ int main(int argc, char *argv[])
    {
       createdeb_bigtarfilelength(fd, '0', 128llu * 1024 * 1024 * 1024 + 1);
    }
+   else if (strcmp(mode, "github-111") == 0)
+   {
+      createtar(fd);
+   }
    else if (strcmp(mode, "test") == 0)
    {
       createdeb_test(fd);