Commit 14204662 authored by Joe Tsai's avatar Joe Tsai Committed by Joe Tsai

archive/tar: handle integer overflow on 32bit machines

Most calls to strconv.ParseInt(x, 10, 0) should really be
calls to strconv.ParseInt(x, 10, 64) in order to ensure that they
do not overflow on 32b architectures.

Furthermore, we should document a bug where Uid and Gid may
overflow on 32b machines since the type is declared as int.

Change-Id: I99c0670b3c2922e4a9806822d9ad37e1a364b2b8
Reviewed-on: https://go-review.googlesource.com/28472
Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarRuss Cox <rsc@golang.org>
parent 94f49fd4
...@@ -20,6 +20,10 @@ import ( ...@@ -20,6 +20,10 @@ import (
"time" "time"
) )
// BUG: Use of the Uid and Gid fields in Header could overflow on 32-bit
// architectures. If a large value is encountered when decoding, the result
// stored in Header will be the truncated version.
// Header type flags. // Header type flags.
const ( const (
TypeReg = '0' // regular file TypeReg = '0' // regular file
......
...@@ -269,13 +269,13 @@ func (tr *Reader) checkForGNUSparsePAXHeaders(hdr *Header, headers map[string]st ...@@ -269,13 +269,13 @@ func (tr *Reader) checkForGNUSparsePAXHeaders(hdr *Header, headers map[string]st
hdr.Name = sparseName hdr.Name = sparseName
} }
if sparseSizeOk { if sparseSizeOk {
realSize, err := strconv.ParseInt(sparseSize, 10, 0) realSize, err := strconv.ParseInt(sparseSize, 10, 64)
if err != nil { if err != nil {
return nil, ErrHeader return nil, ErrHeader
} }
hdr.Size = realSize hdr.Size = realSize
} else if sparseRealSizeOk { } else if sparseRealSizeOk {
realSize, err := strconv.ParseInt(sparseRealSize, 10, 0) realSize, err := strconv.ParseInt(sparseRealSize, 10, 64)
if err != nil { if err != nil {
return nil, ErrHeader return nil, ErrHeader
} }
...@@ -312,11 +312,11 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) { ...@@ -312,11 +312,11 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) {
case paxGname: case paxGname:
hdr.Gname = v hdr.Gname = v
case paxUid: case paxUid:
id64, err = strconv.ParseInt(v, 10, 0) id64, err = strconv.ParseInt(v, 10, 64)
hdr.Uid = int(id64) hdr.Uid = int(id64) // Integer overflow possible
case paxGid: case paxGid:
id64, err = strconv.ParseInt(v, 10, 0) id64, err = strconv.ParseInt(v, 10, 64)
hdr.Gid = int(id64) hdr.Gid = int(id64) // Integer overflow possible
case paxAtime: case paxAtime:
hdr.AccessTime, err = parsePAXTime(v) hdr.AccessTime, err = parsePAXTime(v)
case paxMtime: case paxMtime:
...@@ -324,7 +324,7 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) { ...@@ -324,7 +324,7 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) {
case paxCtime: case paxCtime:
hdr.ChangeTime, err = parsePAXTime(v) hdr.ChangeTime, err = parsePAXTime(v)
case paxSize: case paxSize:
hdr.Size, err = strconv.ParseInt(v, 10, 0) hdr.Size, err = strconv.ParseInt(v, 10, 64)
default: default:
if strings.HasPrefix(k, paxXattr) { if strings.HasPrefix(k, paxXattr) {
if hdr.Xattrs == nil { if hdr.Xattrs == nil {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment