tar-split

mirror of https://github.com/vbatts/tar-split.git synced 2024-11-15 12:58:38 +00:00

History

Aleksa Sarai 3d9db48dbe tar: asm: store padding in chunks to avoid memory exhaustion Previously, we would read the entire padding in a given archive into memory in order to store it in the packer. This would cause memory exhaustion if a malicious archive was crafted with very large amounts of padding. Since a given SegmentType is reconstructed losslessly, we can simply chunk up any padding into large segments to avoid this problem. Use a reasonable default of 1MiB to avoid changing the tar-split.json of existing archives that are not malformed. Fixes: CVE-2017-14992 Signed-off-by: Aleksa Sarai <asarai@suse.de>	2017-11-08 02:34:56 +11:00
..
asm	tar: asm: store padding in chunks to avoid memory exhaustion	2017-11-08 02:34:56 +11:00
storage	Merge pull request #22 from tonistiigi/stream-opt	2015-12-02 14:09:08 -06:00

tar: asm: store padding in chunks to avoid memory exhaustion

Previously, we would read the entire padding in a given archive into
memory in order to store it in the packer. This would cause memory
exhaustion if a malicious archive was crafted with very large amounts of
padding. Since a given SegmentType is reconstructed losslessly, we can
simply chunk up any padding into large segments to avoid this problem.
Use a reasonable default of 1MiB to avoid changing the tar-split.json of
existing archives that are not malformed.

Fixes: CVE-2017-14992
Signed-off-by: Aleksa Sarai <asarai@suse.de>

2017-11-08 02:34:56 +11:00

asm

tar: asm: store padding in chunks to avoid memory exhaustion

2017-11-08 02:34:56 +11:00

storage

Merge pull request #22 from tonistiigi/stream-opt

2015-12-02 14:09:08 -06:00