From 576b2737620ba2ca0fb6c27552c2dfa8eadb0072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A5vard=20Haugen?= <havard.haugen@gmail.com>
Date: Wed, 27 May 2015 10:44:44 +0200
Subject: [PATCH] archive/tar: don't panic on negative file size

Fixes #10959.
Fixes #10960.

Change-Id: I9a81a0e2b8275338d0d1c3f7f7265e0fd91f3de2
Reviewed-on: https://go-review.googlesource.com/10402
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: David Symonds <dsymonds@golang.org>

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
---
 archive/tar/reader.go             |   4 ++++
 archive/tar/reader_test.go        |  16 ++++++++++++++++
 archive/tar/testdata/neg-size.tar | Bin 0 -> 512 bytes
 3 files changed, 20 insertions(+)
 create mode 100644 archive/tar/testdata/neg-size.tar

diff --git a/archive/tar/reader.go b/archive/tar/reader.go
index c72e002..0b0c3b1 100644
--- a/archive/tar/reader.go
+++ b/archive/tar/reader.go
@@ -553,6 +553,10 @@ func (tr *Reader) readHeader() *Header {
 	hdr.Uid = int(tr.octal(s.next(8)))
 	hdr.Gid = int(tr.octal(s.next(8)))
 	hdr.Size = tr.octal(s.next(12))
+	if hdr.Size < 0 {
+		tr.err = ErrHeader
+		return nil
+	}
 	hdr.ModTime = time.Unix(tr.octal(s.next(12)), 0)
 	s.next(8) // chksum
 	hdr.Typeflag = s.next(1)[0]
diff --git a/archive/tar/reader_test.go b/archive/tar/reader_test.go
index 9601ffe..ab1e844 100644
--- a/archive/tar/reader_test.go
+++ b/archive/tar/reader_test.go
@@ -741,3 +741,19 @@ func TestUninitializedRead(t *testing.T) {
 	}
 
 }
+
+// Negative header size should not cause panic.
+// Issues 10959 and 10960.
+func TestNegativeHdrSize(t *testing.T) {
+	f, err := os.Open("testdata/neg-size.tar")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Close()
+	r := NewReader(f)
+	_, err = r.Next()
+	if err != ErrHeader {
+		t.Error("want ErrHeader, got", err)
+	}
+	io.Copy(ioutil.Discard, r)
+}
diff --git a/archive/tar/testdata/neg-size.tar b/archive/tar/testdata/neg-size.tar
new file mode 100644
index 0000000000000000000000000000000000000000..5deea3d05c4da5a4ddda34ef7ad781088464e71b
GIT binary patch
literal 512
zcma)(!3}~i7=@d#07(~c0h9N)Na`Hy;GL8N4j!7YfmcUy4Hj^R-s|6LkswAdq{%Dq
zeeYEkfGqY#(eVIvtUD=3dmgO>+WvmJu?!(Z2_k7dfq;C)3dnfX`l0#IeAe0qQ-^2=
z|8jB*JI{8kO)-jdf^$wdJ_vEWkPIQXm^d{2NhUoLEEza^mVV&QNE^63LaKtd9rtDs
zE<V?0s9nma_>>me;9Em{+eZ^Y>snQ&s!17bkhjcz=H=J(=e>|P(sS8Gxj+6N@Z7t^
E15rerKmY&$

literal 0
HcmV?d00001