Add a test-case for invalid intermediate symlink owner (CVE-2021-35939)

This should've been in commit 96ec957 but back then we didn't have a good way to test ownership matters.
pmatilai · Nov 14, 2023 · 0091214 · 0091214
1 parent 89ce4e7
commit 0091214
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/tests/rpmi.at b/tests/rpmi.at
@@ -1539,3 +1539,24 @@ plong
 [ignore])
 
 RPMTEST_CLEANUP
+
+AT_SETUP([install on invalid symlinked directory])
+AT_KEYWORDS([install])
+RPMDB_INIT
+
+runroot rpmbuild --quiet -bb \
+          /data/SPECS/replacetest.spec
+
+RPMTEST_CHECK([
+runroot_other mv /opt /opt.was
+runroot_other ln -s /opt.was /opt
+runroot_other chown -h nobody:nobody /opt
+runroot --setenv SOURCE_DATE_EPOCH 1699955855 rpm -U /build/RPMS/noarch/replacetest-1.0-1.noarch.rpm
+],
+[1],
+[],
+[error: failed to open dir opt of /opt/: Not a directory
+error: unpacking of archive failed on file /opt/foo;6553448f: cpio: open failed - Not a directory
+error: replacetest-1.0-1.noarch: install failed
+])
+RPMTEST_CLEANUP