[Bug 1001209] Re: When connected to a network with a catch-all HTTP filter, apt-get update corrupts the package lists
Paul F
boxjunk at hotmail.co.uk
Tue Sep 25 14:24:04 UTC 2012
Still present in 12.04 LTS, Precise running apt 0.8.16
In my case the corrupted package list files in /var/lib/apt/lists are
caused by the router redirecting to an internal help page when it
realises that its internet connection is down. So, when a fetch is
attempted from, say gb.archive.ubuntu.com/ubuntu/dists/precise-
updates/universe/binary-i386/Packages when checking for updates what
comes back is the html source from the router's help page (example
attached -- line 52 contains the requested url).
It would appear that no sanity check is done on the returned data
leaving subsequent parse attempts to choke. The corrupted files remain
and may propagate (???) causing other update failures.
On a security note, it occurs to me that an attacker in control of the
router could return crafted files in place of apt's package lists to
introduce malware as part of the normal automated update process. I
trust checks are in place to prevent this???
** Attachment added: "Example corrupted package list file from /var/lib/apt/lists"
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1001209/+attachment/3341765/+files/gb.archive.ubuntu.com_ubuntu_dists_precise-updates_universe_binary-i386_Packages.IndexDiff
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1001209
Title:
When connected to a network with a catch-all HTTP filter, apt-get
update corrupts the package lists
Status in “apt” package in Ubuntu:
Confirmed
Bug description:
I need to log on through a webpage before I can access the internet on some networks.
Before that all HTTP requests are forwarded to a log-on page.
When apt-get update is being run in the background before this log-on
has happened, it will corrupt the package lists with this log-on page.
I need to manually remove multiple files in /var/lib/apt/lists/ then
before I can rerun apt-get update.
When apt-get update gets invalid data, it should not corrupt its
package lists.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: apt 0.8.16~exp12ubuntu10
Uname: Linux 3.4.0-rc5-drm-intel-test-20120511 x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Fri May 18 13:33:45 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120204)
ProcEnviron:
LANGUAGE=nl_NL
TERM=xterm
PATH=(custom, user)
LANG=nl_NL.UTF-8
SHELL=/bin/bash
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1001209/+subscriptions
More information about the foundations-bugs
mailing list