1
0
Fork 1
mirror of https://github.com/vbatts/tar-split.git synced 2024-12-21 12:56:31 +00:00
Commit graph

42 commits

Author SHA1 Message Date
Aleksa Sarai
99430a8454
tar: asm: add an excess padding test case
To ensure we don't have regressions in our padding fix, add a test case
that attempts to crash the test by creating 20GB of random junk padding.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-11-08 02:35:01 +11:00
Aleksa Sarai
3d9db48dbe
tar: asm: store padding in chunks to avoid memory exhaustion
Previously, we would read the entire padding in a given archive into
memory in order to store it in the packer. This would cause memory
exhaustion if a malicious archive was crafted with very large amounts of
padding. Since a given SegmentType is reconstructed losslessly, we can
simply chunk up any padding into large segments to avoid this problem.
Use a reasonable default of 1MiB to avoid changing the tar-split.json of
existing archives that are not malformed.

Fixes: CVE-2017-14992
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-11-08 02:34:56 +11:00
7410961e75 tar/asm: failing test for lack of EOF nils
Reported-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-09-26 13:39:03 -07:00
0de4e9db0c Merge pull request #27 from vbatts/bench_asm
tar/asm: basic benchmark on disasm/asm of testdata
2015-12-02 14:09:21 -06:00
1501fe6002 Merge pull request #22 from tonistiigi/stream-opt
Optimize tar stream generation
2015-12-02 14:09:08 -06:00
19b7e22058 tar/asm: basic benchmark on disasm/asm of testdata
```
PASS
BenchmarkAsm-4         5         238968475 ns/op        66841059 B/op       2449 allocs/op
ok      _/home/vbatts/src/vb/tar-split/tar/asm  2.267s
```

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2015-12-02 14:36:02 -05:00
2efe34695a tar/asm: remove unneeded Tee
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2015-12-02 12:56:52 -05:00
Tonis Tiigi
23b6435e6b Optimize tar stream generation
- New writeTo method allows to avoid creating extra pipe.
- Copy with a pooled buffer instead of allocating new buffer for each file.
- Avoid extra object allocations inside the loop.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-01 14:08:53 -08:00
10250c25e0 tar/asm: remove useless test
The iso-8859-1 archive is already tested round trip, and this test did
not do anything really.
2015-09-25 14:35:12 -04:00
7e38cefd4b common: remove in favor of stdlib unicode/utf8 2015-09-25 14:33:24 -04:00
cde639172f tar/asm: work with non-utf8 entry names 2015-09-23 15:27:33 -04:00
c76e42010e tar/asm: additional GNU LongLink testcase
Adding a minimal test case for GNU @LongLink.
Tested that it fails on v0.9.5, but now passes on v0.9.6 and master.
2015-08-14 07:55:18 -04:00
Alexander Morozov
93c0a320a8 asm: Remove unreachable code
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-08-12 22:45:39 -07:00
df8572a1eb tar/asm: check length before adding an entry 2015-08-11 15:57:20 -04:00
51b0481d4a tar/asm: adding a failing test due to GNU LongLink 2015-08-11 15:57:20 -04:00
Jonathan Boulle
002d19f0b0 *: clean up assorted spelling/grammar issues
Various minor fixes noticed on walking through
2015-07-22 15:32:49 -04:00
e0e9886972 tar/asm: return instead of break
5ddec2ae4a (commitcomment-12290378)

Reported-by: Tibor Vass <tibor@docker.com>
2015-07-22 11:32:18 -04:00
6d59e7bc76 tar/asm: clean up return on errors
This closure on error message needs returns so that the error message is
bubbled up to the reader.
2015-07-21 12:10:09 -04:00
c74af0bae7 tar/asm: test was flipped 2015-07-20 17:26:16 -04:00
04172717de tar/asm: test for failure when mangling 2015-07-20 16:46:22 -04:00
e33913bf75 tar/asm: don't defer file closing
this `for {}` can read many files. defering the file handle close can
cause an EMFILE (too many open files).
2015-07-15 13:43:48 -04:00
86ada47639 tar/asm: handle nil tar Header
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2015-06-23 12:23:36 -04:00
ae13eaae94 tar/asm: remove uneeded goroutine
Reported-by: Derek McGowan <derek@mcgstyle.net>
2015-06-21 14:14:37 -04:00
46840c585a *: golint and docs 2015-03-09 14:11:11 -04:00
f7b9a6caee tar/asm: comments 2015-03-09 13:56:45 -04:00
4ab9185a57 tar/asm: package docs 2015-03-09 13:54:06 -04:00
d8ebf3c0a7 tar: mv the Getter to tar/storage 2015-03-09 13:20:26 -04:00
ecf0ed43a1 tar/asm: fix a goroutine deadlock 2015-03-06 16:30:48 -05:00
ab2fc5ec40 tar/asm: now testing assemble and disassemble
passing a tar archive through disassembly, then reassembling a tar
stream from it's metadata. Checking size and sha1 of the whole stream.
2015-03-05 14:09:17 -05:00
feaa049730 tar/asm: testing the disassembler
adding an archive to pass through and check that it is precisely the
same archive on the handed through io.Reader.
2015-03-05 11:21:01 -05:00
686addad77 tar/asm: comment on error 2015-03-03 14:27:37 -05:00
4f1bde4d13 tar/asm: FileType entry with crc64 checksum 2015-03-03 14:23:04 -05:00
962589aca7 tar/asm: first pass at a disassembler 2015-03-02 16:49:53 -05:00
4e27d04b0b tar/asm: DiscardFilePutter and stub disassemble
Have a bit-bucket FilePutter, for when it does not matter.

Beginning thoughts on disassembly, but it has things that need thought.
Mostly comments in the function for now.
2015-03-02 15:25:03 -05:00
ccf6fa61a6 tar/asm: tests and fix 2015-02-28 12:47:55 -05:00
0c9efa4324 tar/asm: finish the buffer FileGetPutter 2015-02-27 17:36:24 -05:00
86bf4b98ea tar/asm: more interface for (dis)assembly 2015-02-27 16:54:41 -05:00
891685f740 tar/asm: another thought on clobbered files 2015-02-25 16:53:31 -05:00
6814b938af tar/asm: adding thoughts on concerns 2015-02-25 16:26:47 -05:00
081c5b9feb tar/asm: clarify acronym 2015-02-25 14:40:49 -05:00
e1206b43a6 tar/asm: add FileGetter and concerns in README 2015-02-25 12:56:40 -05:00
7ccbb9d40c tar/asm: initial assmebly of tar stream 2015-02-24 17:07:00 -05:00