src/archive/tar · d96a3a2d113909a470d2fd039018e1852a8d72b8 · go / golang

archive/tar: fix bugs with sparseFileReader · 79480ca0

Joe Tsai authored Sep 28, 2015

The sparseFileReader is prone to two different forms of
denial-of-service attacks:
* A malicious tar file can cause an infinite loop
* A malicious tar file can cause arbitrary panics

This results because of poor error checking/handling, which this
CL fixes. While we are at it, add a plethora of unit tests to
test for possible malicious inputs.

Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929
Reviewed-on: https://go-review.googlesource.com/15115Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Andrew Gerrand <adg@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

79480ca0

Name	Last commit	Last update
..
testdata		Loading commit data...
common.go		Loading commit data...
example_test.go		Loading commit data...
reader.go		Loading commit data...
reader_test.go		Loading commit data...
stat_atim.go		Loading commit data...
stat_atimespec.go		Loading commit data...
stat_unix.go		Loading commit data...
tar_test.go		Loading commit data...
writer.go		Loading commit data...
writer_test.go		Loading commit data...