1
0
Fork 1
mirror of https://github.com/vbatts/tar-split.git synced 2024-12-19 03:46:30 +00:00
Commit graph

15 commits

Author SHA1 Message Date
Aleksa Sarai
3d9db48dbe
tar: asm: store padding in chunks to avoid memory exhaustion
Previously, we would read the entire padding in a given archive into
memory in order to store it in the packer. This would cause memory
exhaustion if a malicious archive was crafted with very large amounts of
padding. Since a given SegmentType is reconstructed losslessly, we can
simply chunk up any padding into large segments to avoid this problem.
Use a reasonable default of 1MiB to avoid changing the tar-split.json of
existing archives that are not malformed.

Fixes: CVE-2017-14992
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-11-08 02:34:56 +11:00
cde639172f tar/asm: work with non-utf8 entry names 2015-09-23 15:27:33 -04:00
df8572a1eb tar/asm: check length before adding an entry 2015-08-11 15:57:20 -04:00
Jonathan Boulle
002d19f0b0 *: clean up assorted spelling/grammar issues
Various minor fixes noticed on walking through
2015-07-22 15:32:49 -04:00
6d59e7bc76 tar/asm: clean up return on errors
This closure on error message needs returns so that the error message is
bubbled up to the reader.
2015-07-21 12:10:09 -04:00
86ada47639 tar/asm: handle nil tar Header
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2015-06-23 12:23:36 -04:00
ae13eaae94 tar/asm: remove uneeded goroutine
Reported-by: Derek McGowan <derek@mcgstyle.net>
2015-06-21 14:14:37 -04:00
f7b9a6caee tar/asm: comments 2015-03-09 13:56:45 -04:00
d8ebf3c0a7 tar: mv the Getter to tar/storage 2015-03-09 13:20:26 -04:00
ecf0ed43a1 tar/asm: fix a goroutine deadlock 2015-03-06 16:30:48 -05:00
ab2fc5ec40 tar/asm: now testing assemble and disassemble
passing a tar archive through disassembly, then reassembling a tar
stream from it's metadata. Checking size and sha1 of the whole stream.
2015-03-05 14:09:17 -05:00
feaa049730 tar/asm: testing the disassembler
adding an archive to pass through and check that it is precisely the
same archive on the handed through io.Reader.
2015-03-05 11:21:01 -05:00
4f1bde4d13 tar/asm: FileType entry with crc64 checksum 2015-03-03 14:23:04 -05:00
962589aca7 tar/asm: first pass at a disassembler 2015-03-02 16:49:53 -05:00
4e27d04b0b tar/asm: DiscardFilePutter and stub disassemble
Have a bit-bucket FilePutter, for when it does not matter.

Beginning thoughts on disassembly, but it has things that need thought.
Mostly comments in the function for now.
2015-03-02 15:25:03 -05:00