forked from mirrors/tar-split
af15385a0d
The sparseFileReader is prone to two different forms of denial-of-service attacks: * A malicious tar file can cause an infinite loop * A malicious tar file can cause arbitrary panics This results because of poor error checking/handling, which this CL fixes. While we are at it, add a plethora of unit tests to test for possible malicious inputs. Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929 Reviewed-on: https://go-review.googlesource.com/15115 Reviewed-by: Andrew Gerrand <adg@golang.org> Run-TryBot: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> |
||
---|---|---|
.. | ||
testdata | ||
common.go | ||
example_test.go | ||
reader.go | ||
reader_test.go | ||
stat_atim.go | ||
stat_atimespec.go | ||
stat_unix.go | ||
tar_test.go | ||
writer.go | ||
writer_test.go |