mirrors
/
tar-split
mirror of https://github.com/vbatts/tar-split.git
1
0
Fork 1
Code Releases Activity
238 Commits 9 Branches 27 Tags 4.8 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
Miloslav Trmač cd197d3076 Correctly handle Read returning (0, nil) 
It's not an EOF indication.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-07-22 02:35:45 +02:00
Vincent Batts b6372414e5
tar/asm: don't add a padding entry if it has no bytes 
Fixes #65

if the read bytes is 0, then don't even create the entry for that
padding.
This sounds like the solution for the issue opened, but I haven't found
a reproducer for this issue yet. :-\

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2023-07-21 09:02:43 -04:00
Aleksa Sarai 3d9db48dbe
tar: asm: store padding in chunks to avoid memory exhaustion 
Previously, we would read the entire padding in a given archive into
memory in order to store it in the packer. This would cause memory
exhaustion if a malicious archive was crafted with very large amounts of
padding. Since a given SegmentType is reconstructed losslessly, we can
simply chunk up any padding into large segments to avoid this problem.
Use a reasonable default of 1MiB to avoid changing the tar-split.json of
existing archives that are not malformed.

Fixes: CVE-2017-14992
Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2017-11-08 02:34:56 +11:00
Vincent Batts cde639172f tar/asm: work with non-utf8 entry names 2015-09-23 15:27:33 -04:00
Vincent Batts df8572a1eb tar/asm: check length before adding an entry 2015-08-11 15:57:20 -04:00
Jonathan Boulle 002d19f0b0 *: clean up assorted spelling/grammar issues 
Various minor fixes noticed on walking through
 2015-07-22 15:32:49 -04:00
Vincent Batts 6d59e7bc76 tar/asm: clean up return on errors 
This closure on error message needs returns so that the error message is
bubbled up to the reader.
 2015-07-21 12:10:09 -04:00
Vincent Batts 86ada47639 tar/asm: handle nil tar Header 
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2015-06-23 12:23:36 -04:00
Vincent Batts ae13eaae94 tar/asm: remove uneeded goroutine 
Reported-by: Derek McGowan <derek@mcgstyle.net>
 2015-06-21 14:14:37 -04:00
Vincent Batts f7b9a6caee tar/asm: comments 2015-03-09 13:56:45 -04:00
Vincent Batts d8ebf3c0a7 tar: mv the Getter to tar/storage 2015-03-09 13:20:26 -04:00
Vincent Batts ecf0ed43a1 tar/asm: fix a goroutine deadlock 2015-03-06 16:30:48 -05:00
Vincent Batts ab2fc5ec40 tar/asm: now testing assemble and disassemble 
passing a tar archive through disassembly, then reassembling a tar
stream from it's metadata. Checking size and sha1 of the whole stream.
 2015-03-05 14:09:17 -05:00
Vincent Batts feaa049730 tar/asm: testing the disassembler 
adding an archive to pass through and check that it is precisely the
same archive on the handed through io.Reader.
 2015-03-05 11:21:01 -05:00
Vincent Batts 4f1bde4d13 tar/asm: FileType entry with crc64 checksum 2015-03-03 14:23:04 -05:00
Vincent Batts 962589aca7 tar/asm: first pass at a disassembler 2015-03-02 16:49:53 -05:00
Vincent Batts 4e27d04b0b tar/asm: DiscardFilePutter and stub disassemble 
Have a bit-bucket FilePutter, for when it does not matter.

Beginning thoughts on disassembly, but it has things that need thought.
Mostly comments in the function for now.
 2015-03-02 15:25:03 -05:00