tar-split

mirrors/tar-split

Fork 1

mirror of https://github.com/vbatts/tar-split.git synced 2025-02-21 10:09:01 +00:00

Commit graph

Author	SHA1	Message	Date
Vincent Batts	1c425c4aaa	archive/tar: fix for CVE-2022-2879 Fixes: #76 In a specially crafted tar archive can cause `io.ReadAll()` to overrun the memory. The fix is taken from upstream golang, as this tar-split repo carries an old fork from upstream. Thanks to @tojoos and @bainsy88 for reporting. References: - https://nvd.nist.gov/vuln/detail/cve-2022-2879 - https://github.com/golang/go/commit/0bf7ee9 - https://go-review.googlesource.com/c/go/+/439355/2/src/archive/tar/reader.go#106 Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>	2025-01-20 10:25:58 -05:00
Kir Kolyshkin	73fdb78c36	archive/tar: replace with one from go-1.11 The RawAccounting changes are to be ported on top. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>	2018-09-05 14:04:10 -07:00

Author

SHA1

Message

Date

Vincent Batts

1c425c4aaa

archive/tar: fix for CVE-2022-2879

Fixes: #76

In a specially crafted tar archive can cause `io.ReadAll()` to overrun
the memory.
The fix is taken from upstream golang, as this tar-split repo carries an
old fork from upstream.

Thanks to @tojoos and @bainsy88 for reporting.

References:
- https://nvd.nist.gov/vuln/detail/cve-2022-2879
- https://github.com/golang/go/commit/0bf7ee9
- https://go-review.googlesource.com/c/go/+/439355/2/src/archive/tar/reader.go#106

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>

2025-01-20 10:25:58 -05:00

Kir Kolyshkin

73fdb78c36

archive/tar: replace with one from go-1.11

The RawAccounting changes are to be ported on top.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

2018-09-05 14:04:10 -07:00

2 commits