Commit 5acba80a authored by Michael Gehring's avatar Michael Gehring Committed by David Symonds

archive/tar: fix slice bounds out of range

Sanity check the pax-header size field before using it.

Fixes #11167.

Change-Id: I9d5d0210c3990e6fb9434c3fe333be0d507d5962
Reviewed-on: https://go-review.googlesource.com/10954
Reviewed-by: David Symonds <dsymonds@golang.org>
parent b9bd57e7
...@@ -333,7 +333,7 @@ func parsePAX(r io.Reader) (map[string]string, error) { ...@@ -333,7 +333,7 @@ func parsePAX(r io.Reader) (map[string]string, error) {
} }
// Parse the first token as a decimal integer. // Parse the first token as a decimal integer.
n, err := strconv.ParseInt(string(buf[:sp]), 10, 0) n, err := strconv.ParseInt(string(buf[:sp]), 10, 0)
if err != nil { if err != nil || n < 5 || int64(len(buf)) < n {
return nil, ErrHeader return nil, ErrHeader
} }
// Extract everything between the decimal and the n -1 on the // Extract everything between the decimal and the n -1 on the
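Review bot: The new guard `n < 5 || int64(len(buf)) < n` bounds n against a constant and the buffer length, but not against `sp`, the offset of the space that ends the length field. The slice expression itself lies outside this hunk; if it runs from `sp+1` to `n-1`, as the comment on the following line suggests, a length field written with more digits than its value needs can still put the start index above the end index and panic on an untrusted archive. Consider extending the condition to `if err != nil || n < 5 || int64(len(buf)) < n || n < int64(sp)+2 {` and adding a matching entry to badHeaderTests. parsePAX starts and ends outside the hunk.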
......
...@@ -462,9 +462,14 @@ func TestParsePAXHeader(t *testing.T) { ...@@ -462,9 +462,14 @@ func TestParsePAXHeader(t *testing.T) {
t.Error("Buffer wasn't consumed") t.Error("Buffer wasn't consumed")
} }
} }
badHeader := bytes.NewReader([]byte("3 somelongkey=")) badHeaderTests := [][]byte{
if _, err := parsePAX(badHeader); err != ErrHeader { []byte("3 somelongkey=\n"),
t.Fatal("Unexpected success when parsing bad header") []byte("50 tooshort=\n"),
}
for _, test := range badHeaderTests {
if _, err := parsePAX(bytes.NewReader(test)); err != ErrHeader {
t.Fatal("Unexpected success when parsing bad header")
}
} }
} }
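Review bot: The failure message in the new loop, `t.Fatal("Unexpected success when parsing bad header")`, does not say which of the badHeaderTests inputs failed, and it is misleading when parsePAX returns an error other than ErrHeader. Something like `t.Fatalf("parsePAX(%q) = _, %v; want ErrHeader", test, err)` would identify the case, and `t.Errorf` would also let the remaining inputs run. TestParsePAXHeader starts outside the hunk.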
......