mirrors/tar-split
1
0
Fork 1
mirror of https://github.com/vbatts/tar-split.git synced 2024-11-15 21:08:37 +00:00
Code Releases Activity
152 commits 8 branches 29 tags 4.2 MiB
Commit graph

6 commits

Author SHA1 Message Date
Joe Tsai
af15385a0d archive/tar: fix bugs with sparseFileReader 
The sparseFileReader is prone to two different forms of
denial-of-service attacks:
* A malicious tar file can cause an infinite loop
* A malicious tar file can cause arbitrary panics

This results because of poor error checking/handling, which this
CL fixes. While we are at it, add a plethora of unit tests to
test for possible malicious inputs.

Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929
Reviewed-on: https://go-review.googlesource.com/15115
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Andrew Gerrand <adg@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
 2016-02-02 14:06:30 -05:00
Michael Gehring
2e5698249c archive/tar: add missing error checks 
Check for errors when reading the headers following the pax headers.

Fixes #11169.

Change-Id: Ifec4a949ec8df8b49fa7cb7a67eb826fe2282ad8
Reviewed-on: https://go-review.googlesource.com/11031
Reviewed-by: Russ Cox <rsc@golang.org>

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2015-08-21 00:15:22 -04:00
Michael Gehring
69de764807 archive/tar: fix slice bounds out of range 
Sanity check the pax-header size field before using it.

Fixes #11167.

Change-Id: I9d5d0210c3990e6fb9434c3fe333be0d507d5962
Reviewed-on: https://go-review.googlesource.com/10954
Reviewed-by: David Symonds <dsymonds@golang.org>

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2015-08-21 00:15:22 -04:00
Håvard Haugen
55dceefe42 archive/tar: terminate when reading malformed sparse files 
Fixes #10968.

Change-Id: I027bc571a71629ac49c2a0ff101b2950af6e7531
Reviewed-on: https://go-review.googlesource.com/10482
Reviewed-by: David Symonds <dsymonds@golang.org>
Run-TryBot: David Symonds <dsymonds@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2015-08-21 00:15:22 -04:00
Håvard Haugen
576b273762 archive/tar: don't panic on negative file size 
Fixes #10959.
Fixes #10960.

Change-Id: I9a81a0e2b8275338d0d1c3f7f7265e0fd91f3de2
Reviewed-on: https://go-review.googlesource.com/10402
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: David Symonds <dsymonds@golang.org>

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2015-08-21 00:15:22 -04:00
Vincent Batts
64426b0aae archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00