From 2ccf4d8d6768f6ccc439955dbd68dd27596b309d Mon Sep 17 00:00:00 2001
From: James Troup
Date: Wed, 21 Jan 2004 03:20:52 +0000
Subject: [PATCH] 2004-01-21 James Troup * utils.py (parse_changes): don't process data not inside the signed data. Thanks to Andrew Suffield for pointing this out. * test/005/test.py (main): new test to test for above.
---
test/005/bogus-post.changes | 41 ++++++++++++++++++++++++++
test/005/bogus-pre.changes | 41 ++++++++++++++++++++++++++
test/005/evil.changes | 43 ++++++++++++++++++++++++++++
test/005/test.py | 57 +++++++++++++++++++++++++++++++++++++
test/005/valid.changes | 40 ++++++++++++++++++++++++++
utils.py | 7 +++--
6 files changed, 227 insertions(+), 2 deletions(-)
create mode 100644 test/005/bogus-post.changes
create mode 100644 test/005/bogus-pre.changes
create mode 100644 test/005/evil.changes
create mode 100755 test/005/test.py
create mode 100644 test/005/valid.changes
diff --git a/test/005/bogus-post.changes b/test/005/bogus-post.changes
new file mode 100644
index 00000000..95e5a1f3
--- /dev/null
+++ b/test/005/bogus-post.changes
@@ -0,0 +1,41 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Format: 1.7
+Date: Tue, 9 Sep 2003 01:16:01 +0100
+Source: gawk
+Binary: gawk
+Architecture: source i386
+Version: 1:3.1.3-2
+Distribution: unstable
+Urgency: low
+Maintainer: James Troup
+Changed-By: James Troup
+Description:
+ gawk - GNU awk, a pattern scanning and processing language
+Closes: 204699 204701
+Changes:
+ gawk (1:3.1.3-2) unstable; urgency=low
+ .
+ * debian/control (Standards-Version): bump to 3.6.1.0.
+ .
+ * 02_fix-ascii.dpatch: new patch from upstream to fix [[:ascii:]].
+ Thanks to for reporting the bug and forwarding it
+ upstream. Closes: #204701
+ .
+ * 03_fix-high-char-ranges.dpatch: new patch from upstream to fix
+ [\x80-\xff]. Thanks to for reporting the bug and
+ forwarding it upstream. Closes: #204699
+Files:
+ 0e6542c48bcc9d9586fc8ebe4e7242a4 561 interpreters optional gawk_3.1.3-2.dsc
+ 50a29dce4a2c6e2ac38069eb7c41d9c4 8302 interpreters optional gawk_3.1.3-2.diff.gz
+ 5a255c7b421ac699804212e10205f22d 871114 interpreters optional gawk_3.1.3-2_i386.deb
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (GNU/Linux)
+
+iEYEARECAAYFAj9dHWsACgkQgD/uEicUG7DUnACglndvU4LCA0/k36Qp873N0Sau
+fCwAoMdgIOUBcUfMqXvVnxdW03ev5bNB
+=O7Gh
+-----END PGP SIGNATURE-----
+You: have been 0wned
diff --git a/test/005/bogus-pre.changes b/test/005/bogus-pre.changes
new file mode 100644
index 00000000..0234d8b7
--- /dev/null
+++ b/test/005/bogus-pre.changes
@@ -0,0 +1,41 @@
+You: have been 0wned
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Format: 1.7
+Date: Tue, 9 Sep 2003 01:16:01 +0100
+Source: gawk
+Binary: gawk
+Architecture: source i386
+Version: 1:3.1.3-2
+Distribution: unstable
+Urgency: low
+Maintainer: James Troup
+Changed-By: James Troup
+Description:
+ gawk - GNU awk, a pattern scanning and processing language
+Closes: 204699 204701
+Changes:
+ gawk (1:3.1.3-2) unstable; urgency=low
+ .
+ * debian/control (Standards-Version): bump to 3.6.1.0.
+ .
+ * 02_fix-ascii.dpatch: new patch from upstream to fix [[:ascii:]].
+ Thanks to for reporting the bug and forwarding it
+ upstream. Closes: #204701
+ .
+ * 03_fix-high-char-ranges.dpatch: new patch from upstream to fix
+ [\x80-\xff]. Thanks to for reporting the bug and
+ forwarding it upstream. Closes: #204699
+Files:
+ 0e6542c48bcc9d9586fc8ebe4e7242a4 561 interpreters optional gawk_3.1.3-2.dsc
+ 50a29dce4a2c6e2ac38069eb7c41d9c4 8302 interpreters optional gawk_3.1.3-2.diff.gz
+ 5a255c7b421ac699804212e10205f22d 871114 interpreters optional gawk_3.1.3-2_i386.deb
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (GNU/Linux)
+
+iEYEARECAAYFAj9dHWsACgkQgD/uEicUG7DUnACglndvU4LCA0/k36Qp873N0Sau
+fCwAoMdgIOUBcUfMqXvVnxdW03ev5bNB
+=O7Gh
+-----END PGP SIGNATURE-----
diff --git a/test/005/evil.changes b/test/005/evil.changes
new file mode 100644
index 00000000..7076f608
--- /dev/null
+++ b/test/005/evil.changes
@@ -0,0 +1,43 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+You: have been 0wned
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Format: 1.7
+Date: Tue, 9 Sep 2003 01:16:01 +0100
+Source: gawk
+Binary: gawk
+Architecture: source i386
+Version: 1:3.1.3-2
+Distribution: unstable
+Urgency: low
+Maintainer: James Troup
+Changed-By: James Troup
+Description:
+ gawk - GNU awk, a pattern scanning and processing language
+Closes: 204699 204701
+Changes:
+ gawk (1:3.1.3-2) unstable; urgency=low
+ .
+ * debian/control (Standards-Version): bump to 3.6.1.0.
+ .
+ * 02_fix-ascii.dpatch: new patch from upstream to fix [[:ascii:]].
+ Thanks to for reporting the bug and forwarding it
+ upstream. Closes: #204701
+ .
+ * 03_fix-high-char-ranges.dpatch: new patch from upstream to fix
+ [\x80-\xff]. Thanks to for reporting the bug and
+ forwarding it upstream. Closes: #204699
+Files:
+ 0e6542c48bcc9d9586fc8ebe4e7242a4 561 interpreters optional gawk_3.1.3-2.dsc
+ 50a29dce4a2c6e2ac38069eb7c41d9c4 8302 interpreters optional gawk_3.1.3-2.diff.gz
+ 5a255c7b421ac699804212e10205f22d 871114 interpreters optional gawk_3.1.3-2_i386.deb
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (GNU/Linux)
+
+iEYEARECAAYFAj9dHWsACgkQgD/uEicUG7DUnACglndvU4LCA0/k36Qp873N0Sau
+fCwAoMdgIOUBcUfMqXvVnxdW03ev5bNB
+=O7Gh
+-----END PGP SIGNATURE-----
diff --git a/test/005/test.py b/test/005/test.py
new file mode 100755
index 00000000..3f6ca258
--- /dev/null
+++ b/test/005/test.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+# Check utils.parse_changes()'s for handling of multi-line fields
+# Copyright (C) 2004 James Troup
+# $Id: test.py,v 1.1 2004-01-21 03:20:52 troup Exp $
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+################################################################################
+
+# Check util.parse_changes() correctly ignores data outside the signed area
+
+################################################################################
+
+import os, sys
+
+sys.path.append(os.path.abspath('../../'));
+
+import utils
+
+################################################################################
+
+def fail(message):
+ sys.stderr.write("%s\n" % (message));
+ sys.exit(1);
+
+################################################################################
+
+def main ():
+ for file in [ "valid", "bogus-pre", "bogus-post", "evil" ]:
+ for strict_whitespace in [ 0, 1 ]:
+ if file == "evil" and strict_whitespace == 1:
+ continue;
+ try:
+ changes = utils.parse_changes("%s.changes" % (file), strict_whitespace)
+ except utils.changes_parse_error_exc, line:
+ fail("%s[%s]: parse_changes() returned an exception with error message `%s'." % (file, strict_whitespace, line));
+ oh_dear = changes.get("you");
+ if oh_dear:
+ fail("%s[%s]: parsed and accepted unsigned data!"
% (file, strict_whitespace));
+
+################################################################################
+
+if __name__ == '__main__':
+ main()
diff --git a/test/005/valid.changes b/test/005/valid.changes
new file mode 100644
index 00000000..0e77d27f
--- /dev/null
+++ b/test/005/valid.changes
@@ -0,0 +1,40 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Format: 1.7
+Date: Tue, 9 Sep 2003 01:16:01 +0100
+Source: gawk
+Binary: gawk
+Architecture: source i386
+Version: 1:3.1.3-2
+Distribution: unstable
+Urgency: low
+Maintainer: James Troup
+Changed-By: James Troup
+Description:
+ gawk - GNU awk, a pattern scanning and processing language
+Closes: 204699 204701
+Changes:
+ gawk (1:3.1.3-2) unstable; urgency=low
+ .
+ * debian/control (Standards-Version): bump to 3.6.1.0.
+ .
+ * 02_fix-ascii.dpatch: new patch from upstream to fix [[:ascii:]].
+ Thanks to for reporting the bug and forwarding it
+ upstream. Closes: #204701
+ .
+ * 03_fix-high-char-ranges.dpatch: new patch from upstream to fix
+ [\x80-\xff]. Thanks to for reporting the bug and
+ forwarding it upstream. Closes: #204699
+Files:
+ 0e6542c48bcc9d9586fc8ebe4e7242a4 561 interpreters optional gawk_3.1.3-2.dsc
+ 50a29dce4a2c6e2ac38069eb7c41d9c4 8302 interpreters optional gawk_3.1.3-2.diff.gz
+ 5a255c7b421ac699804212e10205f22d 871114 interpreters optional gawk_3.1.3-2_i386.deb
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (GNU/Linux)
+
+iEYEARECAAYFAj9dHWsACgkQgD/uEicUG7DUnACglndvU4LCA0/k36Qp873N0Sau
+fCwAoMdgIOUBcUfMqXvVnxdW03ev5bNB
+=O7Gh
+-----END PGP SIGNATURE-----
diff --git a/utils.py b/utils.py
index af196e57..2b40501c 100644
--- a/utils.py
+++ b/utils.py
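Review bot: In test/005/test.py's main(), the `evil` fixture under `strict_whitespace == 1` is skipped with `continue;`, so the test never shows that this input is rejected in strict mode; it only avoids the case. Asserting the outcome there (call parse_changes() and fail() unless it raises) would pin the behaviour; the exception class raised in that mode is not visible on this page. The header comment `# Check utils.parse_changes()'s for handling of multi-line fields` looks carried over from another test and could read `# Check utils.parse_changes() ignores data outside the signed area`. The test also resolves `../../` and the fixture names against the current directory, so it only works when run from test/005.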
@@ -1,8 +1,8 @@ #!/usr/bin/env python # Utility functions -# Copyright (C) 2000, 2001, 2002, 2003 James Troup -# $Id: utils.py,v 1.60 2003-11-17 17:59:29 troup Exp $ +# Copyright (C) 2000, 2001, 2002, 2003, 2004 James Troup +# $Id: utils.py,v 1.61 2004-01-21 03:20:52 troup Exp $ ################################################################################ @@ -182,6 +182,9 @@ def parse_changes(filename, dsc_whitespace_rules=0): index += 1; line = indexed_lines[index]; continue; + # If we're not inside the signed data, don't process anything + if not inside_signature: + continue; slf = re_single_line_field.match(line); if slf: field = slf.groups()[0].lower(); -- 2.39.2
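Review bot: The new guard in parse_changes() relies on `inside_signature`, which is set outside this hunk and presumably by matching the armor marker lines as text, so the parser and the signature verifier can still disagree about which bytes are actually signed. test/005/evil.changes in this commit has that shape (a bare `-----BEGIN PGP SIGNED MESSAGE-----` line followed by an unsigned field), and the test covers it only in non-strict mode. Skipping silently also hides a tampered file from the operator; failing closed with `if not inside_signature and line.strip(): raise changes_parse_error_exc, line;` would surface it, at the cost of changing what the bogus-pre and bogus-post cases expect. Longer term, parsing only the plaintext that the verifier itself emits removes the need for a second, hand-written notion of the signed region. The loop this guard sits in starts and ends outside the hunk.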