From 2424f4e36723fbc7a4e06fff5878a151ae270952 Mon Sep 17 00:00:00 2001
From: Matt Layher <mdlayher@gmail.com>
Date: Thu, 27 Aug 2015 14:52:06 -0400
Subject: [PATCH] archive/tar: make output deterministic

Replaces PID in PaxHeaders with 0.  Sorts PAX header keys before writing
them to the archive.

Fixes #12358

Change-Id: If239f89c85f1c9d9895a253fb06a47ad44960124
Reviewed-on: https://go-review.googlesource.com/13975
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Joe Tsai <joetsai@digital-static.net>
---
 archive/tar/common.go             |  11 ++++++++
 archive/tar/reader.go             |  24 +++++++++++------
 archive/tar/reader_test.go        |  43 ++++++++++++++++++++++++++++++
 archive/tar/testdata/hdr-only.tar | Bin 0 -> 10240 bytes
 archive/tar/testdata/neg-size.tar | Bin 512 -> 512 bytes
 5 files changed, 70 insertions(+), 8 deletions(-)
 create mode 100644 archive/tar/testdata/hdr-only.tar

diff --git a/archive/tar/common.go b/archive/tar/common.go
index c31df06..36f4e23 100644
--- a/archive/tar/common.go
+++ b/archive/tar/common.go
@@ -327,3 +327,14 @@ func toASCII(s string) string {
 	}
 	return buf.String()
 }
+
+// isHeaderOnlyType checks if the given type flag is of the type that has no
+// data section even if a size is specified.
+func isHeaderOnlyType(flag byte) bool {
+	switch flag {
+	case TypeLink, TypeSymlink, TypeChar, TypeBlock, TypeDir, TypeFifo:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/archive/tar/reader.go b/archive/tar/reader.go
index cce9d23..6360b4e 100644
--- a/archive/tar/reader.go
+++ b/archive/tar/reader.go
@@ -179,6 +179,13 @@ func (tr *Reader) Next() (*Header, error) {
 			return nil, err
 		}
 		if sp != nil {
+			// Sparse files do not make sense when applied to the special header
+			// types that never have a data section.
+			if isHeaderOnlyType(hdr.Typeflag) {
+				tr.err = ErrHeader
+				return nil, tr.err
+			}
+
 			// Current file is a PAX format GNU sparse file.
 			// Set the current file reader to a sparse file reader.
 			tr.curr, tr.err = newSparseFileReader(tr.curr, sp, hdr.Size)
@@ -622,10 +629,6 @@ func (tr *Reader) readHeader() *Header {
 	hdr.Uid = int(tr.octal(s.next(8)))
 	hdr.Gid = int(tr.octal(s.next(8)))
 	hdr.Size = tr.octal(s.next(12))
-	if hdr.Size < 0 {
-		tr.err = ErrHeader
-		return nil
-	}
 	hdr.ModTime = time.Unix(tr.octal(s.next(12)), 0)
 	s.next(8) // chksum
 	hdr.Typeflag = s.next(1)[0]
@@ -676,12 +679,17 @@ func (tr *Reader) readHeader() *Header {
 		return nil
 	}
 
-	// Maximum value of hdr.Size is 64 GB (12 octal digits),
-	// so there's no risk of int64 overflowing.
-	nb := int64(hdr.Size)
-	tr.pad = -nb & (blockSize - 1) // blockSize is a power of two
+	nb := hdr.Size
+	if isHeaderOnlyType(hdr.Typeflag) {
+		nb = 0
+	}
+	if nb < 0 {
+		tr.err = ErrHeader
+		return nil
+	}
 
 	// Set the current file reader.
+	tr.pad = -nb & (blockSize - 1) // blockSize is a power of two
 	tr.curr = &regFileReader{r: tr.r, nb: nb}
 
 	// Check for old GNU sparse format entry.
diff --git a/archive/tar/reader_test.go b/archive/tar/reader_test.go
index 90b8b46..3c98f4d 100644
--- a/archive/tar/reader_test.go
+++ b/archive/tar/reader_test.go
@@ -893,3 +893,46 @@ func TestReadTruncation(t *testing.T) {
 		}
 	}
 }
+
+// TestReadHeaderOnly tests that Reader does not attempt to read special
+// header-only files.
+func TestReadHeaderOnly(t *testing.T) {
+	f, err := os.Open("testdata/hdr-only.tar")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	defer f.Close()
+
+	var hdrs []*Header
+	tr := NewReader(f)
+	for {
+		hdr, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Errorf("Next(): got %v, want %v", err, nil)
+			continue
+		}
+		hdrs = append(hdrs, hdr)
+
+		// If a special flag, we should read nothing.
+		cnt, _ := io.ReadFull(tr, []byte{0})
+		if cnt > 0 && hdr.Typeflag != TypeReg {
+			t.Errorf("ReadFull(...): got %d bytes, want 0 bytes", cnt)
+		}
+	}
+
+	// File is crafted with 16 entries. The later 8 are identical to the first
+	// 8 except that the size is set.
+	if len(hdrs) != 16 {
+		t.Fatalf("len(hdrs): got %d, want %d", len(hdrs), 16)
+	}
+	for i := 0; i < 8; i++ {
+		var hdr1, hdr2 = hdrs[i+0], hdrs[i+8]
+		hdr1.Size, hdr2.Size = 0, 0
+		if !reflect.DeepEqual(*hdr1, *hdr2) {
+			t.Errorf("incorrect header:\ngot  %+v\nwant %+v", *hdr1, *hdr2)
+		}
+	}
+}
diff --git a/archive/tar/testdata/hdr-only.tar b/archive/tar/testdata/hdr-only.tar
new file mode 100644
index 0000000000000000000000000000000000000000..f25034083de6e0176e429f939875def6eb78cc73
GIT binary patch
literal 10240
zcmeI2ZE}J@42Ji2Pq95gv)>o#1+ajk2rWokd-`UnK%I_CXNW`V?jLp5$;Lb+o4jM3
zRS%4K0WN2N31Pu$!vOG|0DSEi6Vf<ijdq|J2(a2RZixMA%{TQfsyJusGTGHpcJj!i
zSf1Sb!y9RqmelTh%2to!Z$Mbj-zi|+Qak4D-#q_3p$_v!{>BdZFVz=+!#Geo7WlKr
zRl;AI>}kUnRryx%w0!65X8WAPynIb6zQg@I`q=ZhT;AVZ14uaInh{t<Rh(zVhVsmd
z`44zEboYOo|5D?1!9|+U7pEJq|3#DMl<d9jmcPXsf3g2l(mCu8g_O!MuBaXJ_NU_S
ze<U`xho<%_u1^u3I*z6=bJm6rjJ0F>zn(ux&A2{mb)wBl`42<QMBb5`srOsz^53R}
zb8bZb<NT-m{3jKTi(H2KPtJc4kzfD6;ct}l{1r%n{I^+MXT)>&RQXR%ispcL7W$7F
z`oDwzV^q+8Xow$MornI@^B?pdod1LVbIgk3(>1Qxw*Nb){{{Vr0_`Z9LH`*QrhogT
zdFVfV{nxJ3f3W@s{fGXsn}`0>@$ct<6aa(%Lr<TvdFVes_=CdvFX%t?Pry9%pN{`G
k{RiuR(0}Op&qM#|`49RJ{{JKBKlJ>=2_XU@0=FB1PuCY>1poj5

literal 0
HcmV?d00001

diff --git a/archive/tar/testdata/neg-size.tar b/archive/tar/testdata/neg-size.tar
index 5deea3d05c4da5a4ddda34ef7ad781088464e71b..21edf38cc3c3d98c834d07b6d31e8325898ec492 100644
GIT binary patch
delta 20
bcmZo*X<(T!h11Z`)Xd0`LBU|-++;=oIaUQ|

delta 20
ZcmZo*X<(T!g|mSH1ZGb%+&DLx5db<)1;zjX