mirror of https://github.com/vbatts/tar-split.git synced 2025-02-08 19:13:33 +00:00
tar-split/archive/tar
Vincent Batts 1c425c4aaa
archive/tar: fix for CVE-2022-2879
Fixes: #76

A specially crafted tar archive can cause `io.ReadAll()` to overrun
memory.
The fix is taken from upstream golang, as this tar-split repo carries an
old fork from upstream.

Thanks to @tojoos and @bainsy88 for reporting.

References:
- https://nvd.nist.gov/vuln/detail/cve-2022-2879
- https://github.com/golang/go/commit/0bf7ee9
- https://go-review.googlesource.com/c/go/+/439355/2/src/archive/tar/reader.go#106

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2025-01-20 10:25:58 -05:00
File              Last commit                                        Date
testdata          archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
common.go         archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
example_test.go   archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
format.go         archive/tar: fix for CVE-2022-2879                 2025-01-20 10:25:58 -05:00
reader.go         archive/tar: fix for CVE-2022-2879                 2025-01-20 10:25:58 -05:00
reader_test.go    chore: remove refs to deprecated io/ioutil         2023-07-20 23:00:46 +08:00
stat_actime1.go   archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
stat_actime2.go   archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
stat_unix.go      archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
strconv.go        archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
strconv_test.go   archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
tar_test.go       chore: remove refs to deprecated io/ioutil         2023-07-20 23:00:46 +08:00
writer.go         archive/tar: replace with one from go-1.11         2018-09-05 14:04:10 -07:00
writer_test.go    chore: remove refs to deprecated io/ioutil         2023-07-20 23:00:46 +08:00