forked from mirrors/tar-split
archive/tar: fix slice bounds out of range
Sanity check the pax-header size field before using it. Fixes #11167. Change-Id: I9d5d0210c3990e6fb9434c3fe333be0d507d5962 Reviewed-on: https://go-review.googlesource.com/10954 Reviewed-by: David Symonds <dsymonds@golang.org> Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
55dceefe42
commit
69de764807
2 changed files with 9 additions and 4 deletions
|
@ -397,7 +397,7 @@ func parsePAX(r io.Reader) (map[string]string, error) {
|
||||||
}
|
}
|
||||||
// Parse the first token as a decimal integer.
|
// Parse the first token as a decimal integer.
|
||||||
n, err := strconv.ParseInt(string(buf[:sp]), 10, 0)
|
n, err := strconv.ParseInt(string(buf[:sp]), 10, 0)
|
||||||
if err != nil {
|
if err != nil || n < 5 || int64(len(buf)) < n {
|
||||||
return nil, ErrHeader
|
return nil, ErrHeader
|
||||||
}
|
}
|
||||||
// Extract everything between the decimal and the n -1 on the
|
// Extract everything between the decimal and the n -1 on the
|
||||||
|
|
|
@ -462,9 +462,14 @@ func TestParsePAXHeader(t *testing.T) {
|
||||||
t.Error("Buffer wasn't consumed")
|
t.Error("Buffer wasn't consumed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
badHeader := bytes.NewReader([]byte("3 somelongkey="))
|
badHeaderTests := [][]byte{
|
||||||
if _, err := parsePAX(badHeader); err != ErrHeader {
|
[]byte("3 somelongkey=\n"),
|
||||||
t.Fatal("Unexpected success when parsing bad header")
|
[]byte("50 tooshort=\n"),
|
||||||
|
}
|
||||||
|
for _, test := range badHeaderTests {
|
||||||
|
if _, err := parsePAX(bytes.NewReader(test)); err != ErrHeader {
|
||||||
|
t.Fatal("Unexpected success when parsing bad header")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue