1
0
Fork 0
forked from mirrors/tar-split
tar-split/archive/tar
Joe Tsai af15385a0d archive/tar: fix bugs with sparseFileReader
The sparseFileReader is prone to two different forms of
denial-of-service attacks:
* A malicious tar file can cause an infinite loop
* A malicious tar file can cause arbitrary panics

This results because of poor error checking/handling, which this
CL fixes. While we are at it, add a plethora of unit tests to
test for possible malicious inputs.

Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929
Reviewed-on: https://go-review.googlesource.com/15115
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Andrew Gerrand <adg@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-02-02 14:06:30 -05:00
..
testdata archive/tar: fix round-trip attributes 2015-08-21 00:15:22 -04:00
common.go archive/tar: move round-trip reading into common os file 2015-08-21 00:15:22 -04:00
example_test.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
reader.go archive/tar: fix bugs with sparseFileReader 2016-02-02 14:06:30 -05:00
reader_test.go archive/tar: fix bugs with sparseFileReader 2016-02-02 14:06:30 -05:00
stat_atim.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
stat_atimespec.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
stat_unix.go archive/tar: don't treat multiple file system links as a tar hardlink 2015-08-21 00:15:22 -04:00
tar_test.go archive/tar: move round-trip reading into common os file 2015-08-21 00:15:22 -04:00
writer.go archive/tar: remove dead code with USTAR path splitting 2016-02-02 14:06:30 -05:00
writer_test.go archive/tar: remove dead code with USTAR path splitting 2016-02-02 14:06:30 -05:00