tar-split/archive/tar
Joe Tsai cf83c95de8 archive/tar: fix numeric overflow issues in readGNUSparseMap0x1
Motivation:
* The logic to verify the numEntries can overflow and incorrectly
  pass, allowing a malicious file to allocate arbitrary memory.
* The use of strconv.ParseInt does not set the integer precision
  to 64bit, causing this code to work incorrectly on 32bit machines.

Change-Id: I1b1571a750a84f2dde97cc329ed04fe2342aaa60
Reviewed-on: https://go-review.googlesource.com/15173
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-02-02 14:09:04 -05:00
testdata archive/tar: fix round-trip attributes 2015-08-21 00:15:22 -04:00
common.go archive/tar: move round-trip reading into common os file 2015-08-21 00:15:22 -04:00
example_test.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
reader.go archive/tar: fix numeric overflow issues in readGNUSparseMap0x1 2016-02-02 14:09:04 -05:00
reader_test.go archive/tar: fix numeric overflow issues in readGNUSparseMap0x1 2016-02-02 14:09:04 -05:00
stat_atim.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
stat_atimespec.go archive/tar: adding from go as of a9dddb53f 2015-02-11 14:08:03 +01:00
stat_unix.go archive/tar: don't treat multiple file system links as a tar hardlink 2015-08-21 00:15:22 -04:00
tar_test.go archive/tar: move round-trip reading into common os file 2015-08-21 00:15:22 -04:00
writer.go archive/tar: remove dead code with USTAR path splitting 2016-02-02 14:06:30 -05:00
writer_test.go archive/tar: remove dead code with USTAR path splitting 2016-02-02 14:06:30 -05:00