mirrors/tar-split
1
0
Fork 1
mirror of https://github.com/vbatts/tar-split.git synced 2025-02-15 22:17:51 +00:00
Code Releases Activity

Merge pull request #83 from vbatts/patch_archive_tar_writer

Browse source 
archive/tar: fix the archive/tar.Writer CVE
This commit is contained in:
Vincent Batts 2025-01-30 14:52:02 -08:00 committed by GitHub
commit a4bd92b334
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
archive/tar/reader_test.go
View file

@ -6,6 +6,7 @@ package tar
import ( import (
"bytes" "bytes"
"compress/bzip2"
"crypto/md5" "crypto/md5"
"errors" "errors"
"fmt" "fmt"
@ -243,6 +244,9 @@ func TestReader(t *testing.T) {
}, { }, {
file: "testdata/pax-bad-hdr-file.tar", file: "testdata/pax-bad-hdr-file.tar",
err: ErrHeader, err: ErrHeader,
}, {
file: "testdata/pax-bad-hdr-large.tar.bz2",
err: ErrFieldTooLong,
}, { }, {
file: "testdata/pax-bad-mtime-file.tar", file: "testdata/pax-bad-mtime-file.tar",
err: ErrHeader, err: ErrHeader,
@ -625,9 +629,14 @@ func TestReader(t *testing.T) {
} }
defer f.Close() defer f.Close()
var fr io.Reader = f
if strings.HasSuffix(v.file, ".bz2") {
fr = bzip2.NewReader(fr)
}
// Capture all headers and checksums. // Capture all headers and checksums.
var ( var (
tr = NewReader(f) tr = NewReader(fr)
hdrs []*Header hdrs []*Header
chksums []string chksums []string
rdbuf = make([]byte, 8) rdbuf = make([]byte, 8)

BIN
archive/tar/testdata/pax-bad-hdr-large.tar.bz2 vendored Normal file
View file

Binary file not shown.

3
archive/tar/writer.go
View file

@ -199,6 +199,9 @@ func (tw *Writer) writePAXHeader(hdr *Header, paxHdrs map[string]string) error {
flag = TypeXHeader flag = TypeXHeader
} }
data := buf.String() data := buf.String()
if len(data) > maxSpecialFileSize {
return ErrFieldTooLong
}
if err := tw.writeRawFile(name, data, flag, FormatPAX); err != nil || isGlobal { if err := tw.writeRawFile(name, data, flag, FormatPAX); err != nil || isGlobal {
return err // Global headers return here return err // Global headers return here
} }

27
archive/tar/writer_test.go
View file

@ -1006,6 +1006,33 @@ func TestIssue12594(t *testing.T) {
} }
} }
func TestWriteLongHeader(t *testing.T) {
for _, test := range []struct {
name string
h *Header
}{{
name: "name too long",
h: &Header{Name: strings.Repeat("a", maxSpecialFileSize)},
}, {
name: "linkname too long",
h: &Header{Linkname: strings.Repeat("a", maxSpecialFileSize)},
}, {
name: "uname too long",
h: &Header{Uname: strings.Repeat("a", maxSpecialFileSize)},
}, {
name: "gname too long",
h: &Header{Gname: strings.Repeat("a", maxSpecialFileSize)},
}, {
name: "PAX header too long",
h: &Header{PAXRecords: map[string]string{"GOLANG.x": strings.Repeat("a", maxSpecialFileSize)}},
}} {
w := NewWriter(io.Discard)
if err := w.WriteHeader(test.h); err != ErrFieldTooLong {
t.Errorf("%v: w.WriteHeader() = %v, want ErrFieldTooLong", test.name, err)
}
}
}
// testNonEmptyWriter wraps an io.Writer and ensures that // testNonEmptyWriter wraps an io.Writer and ensures that
// Write is never called with an empty buffer. // Write is never called with an empty buffer.
type testNonEmptyWriter struct{ io.Writer } type testNonEmptyWriter struct{ io.Writer }